The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

Best Practice Approaches to GDPR Compliance

Compliance with General Data Protection Regulation (GDPR) is an extensive undertaking for financial services firms, but it also generates benefits including reduced risk and cost, improved data security, new business cases, and the availability of trusted information for analytics.

The challenges and opportunities of GDPR were discussed during a recent A-Team Group webinar moderated by A-Team editor Sarah Underwood and joined by Scott Snively, data intelligence strategist at ASG Technologies; Garry Manser, head of data governance at Visa; and Colin Ware, regulatory product manager at BNY Mellon.

The webinar included results from a survey conducted by A-Team, sponsored by ASG and presented in a white paper, How to Tackle the Challenges of GDPR. It will be followed by additional webinars in the run up to GDPR compliance on May 25, 2018, and a panel session on the regulation at A-Team’s London Data Management Summit in March.

An audience poll on readiness for compliance set the scene for discussion, with 6% of respondents already ready, 25% expecting to be ready, 20% ready but with workarounds, 44% hoping to be ready, and 6% not expecting to be ready. The panel suggested financial services firms are likely to be in a good place by May as they live and breathe regulation.

Talking about approaches to GDPR, Ware said: “Most financial services companies are taking a pragmatic view and looking at the systems where they may hold personal data. They are taking a risk-based approach, looking first at areas with more sensitive and high-risk types of personal data, and then they have plans to manage lower-risk areas going forward.”

Considering the data management challenges of GDPR and drilling down into the specifics of the regulation, Manser commented on Article 30, saying: “From my point of view and most probably for a lot of financial services firms, the challenges are around Article 30, which requires us to look at what we’re actually processing data for, how many times we process a piece of information, and how we link the data back to subject access rights. There’s a lot of work around that article and really understanding what we do with personal data.”

A second audience poll reflected Manser’s view, with 56% of respondents identifying required data as a key challenge, 44% deciding on data flow for compliance, 42% establishing privacy by design, 24% keeping personal data up to date, and 18% ensuring data is accessible.

The panel went on to discuss solutions to these problems, particularly data centralisation, automation and governance, best practice implementation, and the need to look at GDPR compliance as an ongoing rather than one-off exercise.

Noting beneficial outcomes of GDPR compliance, Snively said: “There are a myriad of different benefits. The top one is that compliance mitigates the risk of fines of 4% of total revenue if you are not compliant. It also reduces the cost of internal and external audits, and by having everything in a central location, reduces the risk and cost of having privacy data stored in many locations. Compliance also ensures security is in place for technologies that house privacy information, controls surrounding the information mean breaches are less likely, and trusted sources of information are confirmed and established making data science and predictive analysis more viable. Lastly, the time to build applications is reduced, cutting the cost and giving a distinct competitive advantage. So, not only are we talking about benefits within GDPR, but also benefits extending well outside GDPR and helping organisations be more successful.”

Related content


Recorded Webinar: Brexit: Reviewing the regulatory landscape and the data management response

With Brexit behind us and the UK establishing its own regulatory regime having failed to reach equivalence with the EU, financial firms face challenges of double reporting, uncertainty about UK regulation, and a potential exodus of top talent. The data management response is not easy and could stretch some firms to the limit as they...


Post-Brexit UK Sanctions Regime Adds Complexity as Firms Wrestle with Global Compliance

The post-Brexit UK sanctions regime has added complexity to firms’ efforts to comply with international sanctions regimes, in some cases changing their appetite for risk, according to a recent A-Team webinar on the topic. And although much of the UK regime has been transposed from EU regulation, small but significant changes are adding to the...


RegTech Summit Virtual

The RegTech Summit Virtual is a global online event that brings together an exceptional guest speaker line up of RegTech practitioners, regulators, start-ups and solution providers to collaborate and discuss innovative and effective approaches for building a better regulatory environment.


Entity Data Management Handbook – Seventh Edition

Sourcing entity data and ensuring efficient and effective entity data management is a challenge for many financial institutions as volumes of data rise, more regulations require entity data in reporting, and the fight again financial crime is escalated by bad actors using increasingly sophisticated techniques to attack processes and systems. That said, based on best...