The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

Best Practice Approaches to GDPR Compliance

Compliance with General Data Protection Regulation (GDPR) is an extensive undertaking for financial services firms, but it also generates benefits including reduced risk and cost, improved data security, new business cases, and the availability of trusted information for analytics.

The challenges and opportunities of GDPR were discussed during a recent A-Team Group webinar moderated by A-Team editor Sarah Underwood and joined by Scott Snively, data intelligence strategist at ASG Technologies; Garry Manser, head of data governance at Visa; and Colin Ware, regulatory product manager at BNY Mellon.

The webinar included results from a survey conducted by A-Team, sponsored by ASG and presented in a white paper, How to Tackle the Challenges of GDPR. It will be followed by additional webinars in the run up to GDPR compliance on May 25, 2018, and a panel session on the regulation at A-Team’s London Data Management Summit in March.

An audience poll on readiness for compliance set the scene for discussion, with 6% of respondents already ready, 25% expecting to be ready, 20% ready but with workarounds, 44% hoping to be ready, and 6% not expecting to be ready. The panel suggested financial services firms are likely to be in a good place by May as they live and breathe regulation.

Talking about approaches to GDPR, Ware said: “Most financial services companies are taking a pragmatic view and looking at the systems where they may hold personal data. They are taking a risk-based approach, looking first at areas with more sensitive and high-risk types of personal data, and then they have plans to manage lower-risk areas going forward.”

Considering the data management challenges of GDPR and drilling down into the specifics of the regulation, Manser commented on Article 30, saying: “From my point of view and most probably for a lot of financial services firms, the challenges are around Article 30, which requires us to look at what we’re actually processing data for, how many times we process a piece of information, and how we link the data back to subject access rights. There’s a lot of work around that article and really understanding what we do with personal data.”

A second audience poll reflected Manser’s view, with 56% of respondents identifying required data as a key challenge, 44% deciding on data flow for compliance, 42% establishing privacy by design, 24% keeping personal data up to date, and 18% ensuring data is accessible.

The panel went on to discuss solutions to these problems, particularly data centralisation, automation and governance, best practice implementation, and the need to look at GDPR compliance as an ongoing rather than one-off exercise.

Noting beneficial outcomes of GDPR compliance, Snively said: “There are a myriad of different benefits. The top one is that compliance mitigates the risk of fines of 4% of total revenue if you are not compliant. It also reduces the cost of internal and external audits, and by having everything in a central location, reduces the risk and cost of having privacy data stored in many locations. Compliance also ensures security is in place for technologies that house privacy information, controls surrounding the information mean breaches are less likely, and trusted sources of information are confirmed and established making data science and predictive analysis more viable. Lastly, the time to build applications is reduced, cutting the cost and giving a distinct competitive advantage. So, not only are we talking about benefits within GDPR, but also benefits extending well outside GDPR and helping organisations be more successful.”

Related content


Upcoming Webinar: The post-Brexit UK sanctions regime – how to stay safe and compliant

Date: 11 March 2021 Time: 10:00am ET / 3:00pm London / 4:00pm CET Duration: 50 minutes When the Brexit transition period came to an end on 31 December 2020, a new sanctions regime was introduced in the UK under legislation set out in the Sanctions and Anti-Money Laundering Act 2018 (aka the Sanctions Act). The...


To Buy or Build: Four Considerations for CIOs

By: Niall Twomey, CTO, Fenergo. Before embarking on a CLM (Client Lifecycle Management) digital transformation program, most financial institutions (FI) are faced with the ‘buy versus build’ conundrum; to buy something from a third-party vendor or completely build something internally. There are several factors that need to be considered in this decision making process including...


RegTech Summit APAC

RegTech Summit APAC will explore the current regulatory environment in Asia Pacific, the impact of COVID on the RegTech industry and the extent to which the pandemic has acted a catalyst for RegTech adoption in financial markets.


Regulatory Data Handbook 2020/2021 – Eighth Edition

This eighth edition of A-Team Group’s Regulatory Data Handbook is a ‘must-have’ for capital markets participants during this period of unprecedented change. Available free of charge, it profiles every regulation that impacts capital markets data management practices giving you: A detailed overview of each regulation with key dates, data and data management implications, links to...