About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

GDPR Week One: Outstanding Data Management Challenges and a Quick Start Solution

Subscribe to our newsletter

The May 25, 2018 deadline for General Data Protection Regulation (GDPR) may have come and gone, but the compliance journey is only just beginning as firms review systems built to get them over the line and plan more robust and sustainable solutions that can support a cost-efficient response to data subject access requests and accommodate regulatory change over the long term.

The outstanding data management issues of GDPR and the potential of a Quick Start solution for firms within the scope of the regulation were discussed during an A-Team Group webinar this week. The webinar was moderated by Sarah Underwood, editor of A-Team’s Data Management Review and joined by Hany Choueiri, GDPR consultant at AON; Craig Taylor, an independent consultant and former GDPR programme manager; Jennifer Shorten, technical delivery architect, EMEA, at MarkLogic; and Chris Atkinson, solutions architect, EMEA, at MarkLogic.

The webinar opened with an audience poll that set the scene on compliance levels in capital markets. Some 39% of respondents said they were somewhat compliant with GDPR on the compliance deadline, 26% were completely compliant, 22% were close to compliance, 9% could show intent, and 4% were not at all compliant.

Noting a predominantly positive response to the poll question, Choueiri said: “GDPR has not been a tick box exercise for most financial services firms. It has been hard work and has put data privacy at the heart of organisations. It is also a journey, with firms having ongoing compliance plans through 2018 and beyond.”

A second audience poll asked the webinar audience which are the toughest, ongoing GDPR data management challenges. Getting consent to use personal data topped the poll results with 52% of respondents citing it as a challenge. Some 48% cited identifying personal data, 44% providing access to personal data, 37% storing personal data, and 33% keeping personal data up to date. Reflecting on the poll results, Taylor commented: “It’s difficult to get visibility of all data subjects across all systems. The right to be forgotten is also a challenge and asks open questions on how far firms must go to comply. Must data be deleted, or could it be marked as not to be used?”

Considering GDPR solutions, Atkinson noted the need for a client centric view of personal data coupled to strong data governance. Shorten noted that if firms run data governance across systems rather than focussing on data subjects, there is a chance that they won’t be compliant.

Atkinson went on to describe MarkLogic’s GDPR Quick Start solution that supports compliance, delivers a 360-degree view of clients and can be up and running in four weeks. He explained: “Large and small firms typically aggregate data across multiple systems. Quick Start adds a layer of consent management on top of the aggregated data and uses event management techniques to maintain a composite record of consent across systems. This provides a 360 view of clients.” Among other features, the solution includes white, grey and black lists of data identifying what personal data can and cannot be used based on data subjects’ consents.

On the opportunities beyond GDPR compliance of a 360 view of clients, Shorten commented: “The client data can be anonymised and used for purposes such as gaining business insight.” Summing up GDPR requirements and offering some final advice to data practitioners working on the regulation, she concluded: “Know where personal data is, not just where it might be, and find a solution that supports data mapping. The winners will be firms that can comply with GDPR and maintain the agility needed to innovate, change and grow.”

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: Managing Off-Channel Communications Compliance

Managing off-channel communications – business interactions occurring outside of approved corporate systems – continues to challenge firms’ compliance efforts. The rise of personal messaging apps, social media, and other unmonitored channels – for example, messaging functionality embedded in an order management system – exposes firms to substantial regulatory risk. Enforcement actions by regulatory bodies, such...

BLOG

7 AI-Powered RegTech Newcomers to Watch in 2025

A new wave of RegTech startups – founded ~2018 onwards – is leveraging AI to transform regulatory compliance across anti-money laundering, customer due diligence, trade surveillance, ESG reporting, and more. These “innovators to watch” are gaining traction via institutional adoption and regulatory sandbox programs. For identifying promising startups in AI-powered compliance technology, we evaluated each...

EVENT

Data Management Summit London

Now in its 16th year, the Data Management Summit (DMS) in London brings together the European capital markets enterprise data management community, to explore how data strategy is evolving to drive business outcomes and speed to market in changing times.

GUIDE

The DORA Implementation Playbook: A Practitioner’s Guide to Demonstrating Resilience Beyond the Deadline

The Digital Operational Resilience Act (DORA) has fundamentally reshaped the European Union’s financial regulatory landscape, with its full application beginning on January 17, 2025. This regulation goes beyond traditional risk management, explicitly acknowledging that digital incidents can threaten the stability of the entire financial system. As the deadline has passed, the focus is now shifting...