The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

Best Practice Approaches to GDPR Compliance

Compliance with General Data Protection Regulation (GDPR) is an extensive undertaking for financial services firms, but it also generates benefits including reduced risk and cost, improved data security, new business cases, and the availability of trusted information for analytics.

The challenges and opportunities of GDPR were discussed during a recent A-Team Group webinar moderated by A-Team editor Sarah Underwood and joined by Scott Snively, data intelligence strategist at ASG Technologies; Garry Manser, head of data governance at Visa; and Colin Ware, regulatory product manager at BNY Mellon.

The webinar included results from a survey conducted by A-Team, sponsored by ASG and presented in a white paper, How to Tackle the Challenges of GDPR. It will be followed by additional webinars in the run up to GDPR compliance on May 25, 2018, and a panel session on the regulation at A-Team’s London Data Management Summit in March.

An audience poll on readiness for compliance set the scene for discussion, with 6% of respondents already ready, 25% expecting to be ready, 20% ready but with workarounds, 44% hoping to be ready, and 6% not expecting to be ready. The panel suggested financial services firms are likely to be in a good place by May as they live and breathe regulation.

Talking about approaches to GDPR, Ware said: “Most financial services companies are taking a pragmatic view and looking at the systems where they may hold personal data. They are taking a risk-based approach, looking first at areas with more sensitive and high-risk types of personal data, and then they have plans to manage lower-risk areas going forward.”

Considering the data management challenges of GDPR and drilling down into the specifics of the regulation, Manser commented on Article 30, saying: “From my point of view and most probably for a lot of financial services firms, the challenges are around Article 30, which requires us to look at what we’re actually processing data for, how many times we process a piece of information, and how we link the data back to subject access rights. There’s a lot of work around that article and really understanding what we do with personal data.”

A second audience poll reflected Manser’s view, with 56% of respondents identifying required data as a key challenge, 44% deciding on data flow for compliance, 42% establishing privacy by design, 24% keeping personal data up to date, and 18% ensuring data is accessible.

The panel went on to discuss solutions to these problems, particularly data centralisation, automation and governance, best practice implementation, and the need to look at GDPR compliance as an ongoing rather than one-off exercise.

Noting beneficial outcomes of GDPR compliance, Snively said: “There are a myriad of different benefits. The top one is that compliance mitigates the risk of fines of 4% of total revenue if you are not compliant. It also reduces the cost of internal and external audits, and by having everything in a central location, reduces the risk and cost of having privacy data stored in many locations. Compliance also ensures security is in place for technologies that house privacy information, controls surrounding the information mean breaches are less likely, and trusted sources of information are confirmed and established making data science and predictive analysis more viable. Lastly, the time to build applications is reduced, cutting the cost and giving a distinct competitive advantage. So, not only are we talking about benefits within GDPR, but also benefits extending well outside GDPR and helping organisations be more successful.”

Related content


Recorded Webinar: Best practices for regulatory reporting

Regulatory reporting has been a cost and resource burden for financial institutions for many years, with the race to compliance in a highly regulated market often leading to multiple, singular regulatory reporting solutions. Legacy systems add to the challenges of making reporting changes in line with adapted and new regulations. This webinar will address these...


Newly Merged Calypso and AxiomSL to Rebrand as Adenza

Regtech AxiomSL and trading, treasury and risk management platform Calypso Technology – which merged in July – have rebranded under the name Adenza, joining the likes of Finastra (formerly Misys), Alveo (formerly Asset Control) and others in settling on a synthetic term under which to operate as a fintech going forward. According to the company,...


Data Management Summit USA Virtual

Now in its 11th year, the Data Management Summit USA Virtual explores the shift to the new world where data is redefining the operating model and firms are seeking to unlock value via data transformation projects for enterprise gain and competitive edge.


Entity Data Management Handbook – Seventh Edition

Sourcing entity data and ensuring efficient and effective entity data management is a challenge for many financial institutions as volumes of data rise, more regulations require entity data in reporting, and the fight again financial crime is escalated by bad actors using increasingly sophisticated techniques to attack processes and systems. That said, based on best...