The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

After the Flood: GDPR and the Need for Digital Governance


By Rafael Bloom, director at change management consultancy Salvatore

Markets in Financial Instruments Directive II (MiFID II) and General Data Protection Regulation (GDPR) are landmark pieces of legislation in their own right – but there is one overarching phenomenon that explains the need for these and other such regulations that are springing up across industry verticals.

It turns out that all the talk about Big Data over the past few years was a serious understatement. Data volumes were already big when the term was coined, but are now growing at such a rate that legislation is necessary to protect us all from an unstoppable deluge. It would be nice to think society could adjust naturally to a world of big data, but the evidence to the contrary is clear: unless we are forced to change, mistakes will be made that lead to the erosion of individual privacy, the loss and subsequent misuse of personal data, and the accumulation of unacceptable systemic risks which could conceivably trigger a major societal disruption.

If we can agree that such a profound set of changes will not happen organically, then we can begin to understand that legislation is necessary as the prime mover for change. A robust regulatory structure will tip the balance away from data issues being a ‘cost of doing business’ and towards a culture in which negative consequences for non-compliance outweigh the cost.


We must hope that the new wave of data-centric regulations strikes the right balance between impractical heavy-handedness and the reality of putting in place necessary adjustments to technology and processes. After all, most institutions that already comply with the 1990s data protection rules, such as the UK Data Protection Act of 1998, should only have to make minor adjustments to meet new standards. The European GDPR rules around personal data, which come into force in May 2018, extend the scope of the existing regulation, taking in data processors as well as data controllers, and deepening the understanding of what personally identifiable data (PII) is, and the need to include data points such as IP addresses and location data.

In essence, because GDPR functions by endowing data subjects with enhanced rights over their PII, it lets institutions decide for themselves how to make sure such rights are respected. Broadly speaking, this amounts to institutions being able to demonstrate the steps they took to protect personal data over its lifecycle and respect individuals’ data subject rights. When a breach occurs, what an institution did to prepare for the event will have a significant bearing on consequences.

GDPR raises the bar for information governance in society as a whole, and those who bemoan its coming fail to grasp the significance of the new era of rapid data growth. Without it, we are exposing a soft underbelly to those who would use personal data as a tool to commit crimes, to discriminate against certain groups, or to destroy the mutual trust we need to hold an economy together. It would be ridiculous to see legislation as a panacea for these things, but at the same time it would be irresponsible to enter this technological phase without appropriate standards being set and the tools to enforce those standards being put in place.

GDPR is being made the poster child for this legislative trend, which is understandable since it is not industry-specific and affects citizens directly, and also because it is a compelling event that can be used to sell solutions and services. What it really signals is the need for effective governance over data operations, so that justice is seen to be done.

Across emerging fintech and regtech industries, one unifying factor is the ability of data to shine a light on the truth. This is the essence of the wave of digital transformation that is changing the way we perform daily tasks from ordering a taxi to executing a block trade. Those who make use of digital transformation will profit, just as those who do not risk being left behind. Just ask the ex-CEOs of Kodak and Blockbuster Video how that went for them.

Digital transformation

Given the confluence of these factors, digital transformation is far from being a fad, but it is also defined in different ways by different sectors. There is value in being able to identify commonalities, and one way to do this is to acknowledge differing levels of ‘digital maturity’. This means digital transformation should not merely be focused on digital tools, but also on helping individuals adapt to new patterns of behaviour.

A proper data governance structure is key to this aim and it must involve all stakeholders within a business, from IT and legal, to financial, customer-facing and human resources functions, with a Data Protection Officer (DPO) leading the charge. Challenges like GDPR should be approached in a holistic manner, rather than forming a committee for each separate challenge and driving actions down through a company’s divisions. We should acknowledge that irrespective of individual regulations, investment in people, coupled with the proper understanding of and control over data lifecycles is essential to effective digital governance.

Rafael Bloom is director of Salvatore, a strategy and change management consultancy, and a founder member of the Digital Governance group together with Atom Consulting and TMotions Global.
