In May 2018, the European Union’s long-awaited General Data Protection Regulation (GDPR) went into full effect, updating privacy regulations throughout the EU and creating ripple effects felt around the world. GDPR lays out the basic premise that individuals should have control over their own data and places new restrictions on financial institutions and other organizations seeking to store, process or transmit that data.
The implications for financial institutions are profound, requiring that firms understand how they interact with personal information and obtain consent from individuals before taking action with that data. The major shift is that data processors must now incorporate data protection “by design and by default,” meaning that they must consider data protection when designing any business process, and all actions they take must have a default assumption of privacy.
The financial industry is still coming to grips with the true implications of GDPR and is eagerly awaiting the case law that will inevitably clarify the standard. In the meantime, financial institutions seek to implement policies, strategies and technologies that will position them to comply with GDPR as well as an expected wave of other global regulations.
To learn more, download our white paper "Finance and GDPR: What You Need to Know" below.