Editor’s picks: the financial industry’s response to GDPR

By David Beach | 2 April 2018

In which department does GDPR sit? How will GDPR affect me? What happens if I’m breached? What are the fines? No, really, what are the fines? Thus reads the internet history of any number of data protection officers in the financial industry.

May 25th, implementation day, is 56 days away. As part of our ritual (and sadistic) reminders, this editor’s picks is a collation of the financial services’ response to GDPR.

What is GDPR?: The implications you need to know

By Dave Beach, bobsguide.

The General Data Protection Regulation (GDPR) has the aim of enabling EU residents to control their personal data in response to new advances in technology and data capabilities, hereby protecting the individual’s fundamental right to privacy under the Code of EU Online Rights (Chapter 4) as well as the Lisbon Treaty. GDPR further looks to simplify regulatory proceedings for international businesses.

Considering that the full document is 204 pages, bobsguide has summarised the key points into a handy article. Here are 10 important considerations.

 

Digital onboarding: The Missing link in GDPR compliance

By Peter Fitzpatrick, Agreement Express.

As the May 25 2018 deadline for GDPR compliance looms, financial institutions are busily preparing to offer their customers better data protection and consent options. The market trend seems to be prioritizing and investing in front-end systems first, before turning attention to back-end systems. There are two main reasons for this; the first is that front-end, customer-facing systems are the main way to obtain consent and data access rights from the customer, and the second is that it helps improve the customer experience upfront. They’re able to hit two birds with one stone.


 

The Fintalk podcast | 100 day countdown to GDPR

By Alex Hammond, bobsguide.

Financial services is one of the industries most heavily affected, so are institutions on top of compliance?

With 100 days remaining until its implementation date, we take a closer look at how the GDPR legislation is reshaping banking operations, ask where companies should be on their compliance journey, and highlight the dangers institutions face if the deadline is not met.

Topics covered with industry experts include:

  • What actually are the obligations that GDPR places upon financial institutions? Are they clear?

  • How should new consequences for data breaches introduced by GDPR reshape banks' IT budget?

  • Is partnering with solution vendor the only route to GDPR compliance?

  • Does GDPR challenge the notion that data is the new money, or does it strengthen that position?

  • Is the impact of Brexit on GDPR clear?

 

A step-by-step guide to hacking a bank | Inside the mind of an ethical hacker

By Dave Beach, bobsguide.

(The worse case scenario of a data breach)

bobsguide spoke to Neil Haskins, Director of IOActive’s advisory services in EMEA and Middle East. With over 27 years worth of industry experience, Neil was delighted to talk reporter Dave Beach, through a simulation of a hack on a model Tier One Bank.


 

Securing open source leading up to GDPR enforcement

By Matt Jacobs, Black Duck by Synopsys.

Open source continues to transform how we architect software solutions in every industry. Black Duck’s 2017 Open Source Security and Risk Analysis of over 1000 commercial applications revealed that 96% of applications scanned utilised open source. While the rate of open source reuse has been steadily climbing over the decades, policies, procedures, and safeguards for the responsible use of open source has lagged.


 

MiFID II vs GDPR: Striking a balance between KYC and data privacy

By Aoife Harney, Fenergo.

Already this year, financial institutions have overcome one major regulatory hurdle in the form of the Markets in Infrastructure Directive (MiFID) II. However, the May 2018 General Data Protection Regulation (GDPR) hurdle is looming ahead, threatening to present banks around the world with conflicting and challenging data collection and protection requirements.

 

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development