About a-team Marketing Services
The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

Best Practice Approaches to GDPR Compliance

Subscribe to our newsletter

Compliance with General Data Protection Regulation (GDPR) is an extensive undertaking for financial services firms, but it also generates benefits including reduced risk and cost, improved data security, new business cases, and the availability of trusted information for analytics.

The challenges and opportunities of GDPR were discussed during a recent A-Team Group webinar moderated by A-Team editor Sarah Underwood and joined by Scott Snively, data intelligence strategist at ASG Technologies; Garry Manser, head of data governance at Visa; and Colin Ware, regulatory product manager at BNY Mellon.

The webinar included results from a survey conducted by A-Team, sponsored by ASG and presented in a white paper, How to Tackle the Challenges of GDPR. It will be followed by additional webinars in the run up to GDPR compliance on May 25, 2018, and a panel session on the regulation at A-Team’s London Data Management Summit in March.

An audience poll on readiness for compliance set the scene for discussion, with 6% of respondents already ready, 25% expecting to be ready, 20% ready but with workarounds, 44% hoping to be ready, and 6% not expecting to be ready. The panel suggested financial services firms are likely to be in a good place by May as they live and breathe regulation.

Talking about approaches to GDPR, Ware said: “Most financial services companies are taking a pragmatic view and looking at the systems where they may hold personal data. They are taking a risk-based approach, looking first at areas with more sensitive and high-risk types of personal data, and then they have plans to manage lower-risk areas going forward.”

Considering the data management challenges of GDPR and drilling down into the specifics of the regulation, Manser commented on Article 30, saying: “From my point of view and most probably for a lot of financial services firms, the challenges are around Article 30, which requires us to look at what we’re actually processing data for, how many times we process a piece of information, and how we link the data back to subject access rights. There’s a lot of work around that article and really understanding what we do with personal data.”

A second audience poll reflected Manser’s view, with 56% of respondents identifying required data as a key challenge, 44% deciding on data flow for compliance, 42% establishing privacy by design, 24% keeping personal data up to date, and 18% ensuring data is accessible.

The panel went on to discuss solutions to these problems, particularly data centralisation, automation and governance, best practice implementation, and the need to look at GDPR compliance as an ongoing rather than one-off exercise.

Noting beneficial outcomes of GDPR compliance, Snively said: “There are a myriad of different benefits. The top one is that compliance mitigates the risk of fines of 4% of total revenue if you are not compliant. It also reduces the cost of internal and external audits, and by having everything in a central location, reduces the risk and cost of having privacy data stored in many locations. Compliance also ensures security is in place for technologies that house privacy information, controls surrounding the information mean breaches are less likely, and trusted sources of information are confirmed and established making data science and predictive analysis more viable. Lastly, the time to build applications is reduced, cutting the cost and giving a distinct competitive advantage. So, not only are we talking about benefits within GDPR, but also benefits extending well outside GDPR and helping organisations be more successful.”

Subscribe to our newsletter

Related content


Recorded Webinar: FRTB: What still needs to be done before the global deadline of January 2023?

While implementation of Fundamental Review of the Trading Book (FRTB) regulation has been delayed twice for reasons first of complexity and second of the coronavirus pandemic, the final deadline of January 1, 2023 is less than a year away. For banks in scope of the regulation, the time to put necessary risk infrastructure and data...


Top 6 Use Cases for AI in RegTech

As artificial intelligence’s influence on regtech continues to grow, so does the importance of minimising algorithm bias and maximising data quality. The use of Artificial Intelligence (AI) and machine learning in RegTech is playing an increasingly important role and helping to reshape risk and regulatory compliance. It can offer many benefits and we outline the...


A-Team Innovation Briefing: Innovation in Cloud

This Innovation Briefing will explore approaches to data infrastructure transformation, technologies required and how to make sure processes are optimised to support real time data management. Hear from leading practitioners and innovative technology solution providers who will share insight into how to set up and leverage your data infrastructure to provide user access to consistent data and analytics, and companies the ability to monetise their data.


ESG Data Handbook 2022

The ESG landscape is changing faster than anyone could have imagined even five years ago. With tens of trillions of dollars expected to have been committed to sustainable assets by the end of the decade, it’s never been more important for financial institutions of all sizes to stay abreast of changes in the ESG data...