The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

MarkLogic Responds to the Data Management Challenges of GDPR

Share article

This week’s big reveal of the ICO’s intention to fine British Airways £183.39 million for infringements of General Data Protection Regulation (GDPR) sent shock waves through industry, with an aftershock coming later in the week when the ICO issued a second notice, this time noting its intention to fine Marriott International £99,200,396 for GDPR breaches.

The Information Commissioner’s Office (ICO) made its first enforcement notice on July 6, 2018 on AggregateIQ Services, a Canadian company located outside the EU, but still holding and processing the data of UK citizens after GDPR and the Data Protection Act (DPA) 2018 came into force on May, 25 2018. This notice and 64 further enforcement actions by the ICO since GDPR and the DPA went live have gone pretty much unnoticed, leading industry participants to suggest the ICO would not bare its teeth.

These latest notices tell another story and hammer home the need to ensure data privacy and compliance with both GDPR and the DPA. But how best can this be achieved in the financial services industry, which holds enormous amounts of sensitive personal data? We recently caught up with David Gorbet, senior vice president of engineering at MarkLogic, to discuss the ongoing data management challenges of GDPR and their potential solutions.

The challenges of GDPR are well rehearsed and require organisations to fully understand how their client data is being used, where it is stored and who has access to it. From a data management perspective, challenges include the ability to track and trace personal data to prove what it is used for, access and share the data with data subjects in a timely manner, and ensure the ability to erase data across the organisation when a data subject brings the right to be forgotten into play – the whole underpinned by accurate and high quality data.

Gorbet notes the key requirements of GDPR compliance as data, integration and metadata, with metadata of an entity model being used to define what data is subject to GDPR policy and individual records being tracked to assure consent has been given to the use of personal data and adhere to policy.

He says: “The problem found in most database systems is that they use and consume data and relationships, but can’t store metadata for consent, which has to be handled elsewhere.” The MarkLogic data hub, essentially an enterprise NoSQL database platform that is designed to integrate, store, manage, and search huge amounts of data, addresses this problem by integrating all customer data and enriching it with metadata for consent.

A recent MarkLogic 360 event included user demonstrations of the platform as a means of achieving GDPR. Airbus, by way of example, described how it has attached metadata to its employee data model to understand the sensitivities of the data from a GDPR perspective. An insurance firm demonstrated how it uses the MarkLogic platform to track data, understand when and how it is transformed, and ensure all systems can see every piece of GDPR related data.

Gorbet comments: “Customers using our data hub and building data integration have a head start. They can leverage their investment to achieve GDPR compliance well and turn cost into benefit.”

Beyond GDPR, Gorbet says the data hub provides value by offering vertical use cases and solving technology problems horizontally. It is being used in capital markets to respond to regulatory reporting on a broad rather than regulation-by-regulation basis. He cites ABN Amro, which initially implemented the data hub for MiFID II compliance and is now using it to support other regulations. Customer 360 is another popular use case.

Coming soon from MarkLogic is a machine learning capability that is designed to make the hub smarter and allow models using data in the hub to be built and executed in real-time based on data coming into the hub. Suggested use cases include fraud prevention, perhaps through the identification of two records of the same person. The company now also offers a hosted version of the data hub.

Leave a comment

Your email address will not be published. Required fields are marked *

*

Related content

WEBINAR

Recorded Webinar: FRTB: The time to get your data in order is now

Fundamental Review of the Trading Book (FRTB) regulation requires firms within its scope to source significant amounts of data, some of which has not previously been required and is difficult to pin down. The data management challenges of the regulation’s Internal Model Approach (IMA) to market risk capital calculations include ongoing P&L attribution, back testing...

BLOG

DTCC Solves FRTB Risk Factor Modellability Problems with Pooled Data Solution

DTCC’s release of a beta version of its FRTB Real Price Observations Data Service provides a pooled data solution designed to help banks within the scope of Fundamental Review of the Trading Book (FRTB) analyse risk factors in line with the regulation’s Risk Factor Eligibility Test (RFET), and review price observation data to understand whether...

EVENT

Data Management Summit London

Now in its 9th year, the Data Management Summit (DMS) in London explores how financial institutions are shifting from defensive to offensive data management strategies, to improve operational efficiency and revenue enhancing opportunities. We’ll be putting the business lens on data and deep diving into the data management capabilities needed to deliver on business outcomes.

GUIDE

Best Practice Client Onboarding

Client onboarding is central to the success of banks, yet it continues to present challenges and the benefits of getting it right are difficult to achieve. The challenges arise from siloed systems, manual processes and poor entity data quality. The potential benefits of successful implementation include excellent client experience, improved client acquisition and loyalty, new business opportunities, reductions in costs, competitive advantage, and confidence in compliance.