The upcoming GDPR framework (General Data Protection Regulation in the EU) has started a massive buzz around data privacy processes and practices. People are frantically searching for an answer to the question: how will GDPR affect my company and my work routines? This can be easily verified from Google Trends, where it appears that the GDPR topic has increased in popularity consistently since last autumn. Currently GDPR searches are at an all-time high, and most likely there will be even higher figures tomorrow and the day after until the regulation comes into effect on May 25th. The most interesting aspect of GDPR is how it affects marketing, the storage of personal data, and how contracts are getting an extra clause to accommodate the new regulation.
The buzz is understandable due to the fact that GDPR is possibly the most far-reaching regulatory requirement ever issued concerning customer data. It affects not only the European Union as a territory, but all companies exposed to citizens of the European Union's jurisdiction. Thus, non-EU based companies which target their services to EU citizens must apply the same data protection procedures that EU-based companies do. So, GDPR could be described as a global change in how data protection and privacy matters develop.
How is GDPR changing the game then?
There are multiple direct actions that need to be taken if a company has not yet adapted its business practices in accordance with GDPR. First of all, EU citizens will have the right to obtain all their personal data from any company. The idea of this privilege is to make personal data processing transparent for the customer. Therefore, the company must be able to show the customer everything it has recorded in a CRM or any other system concerning this particular customer. This implies that a customer can retrieve their data in a machine-readable format from one company and have it imported by another, which could allow clients to leverage new services at better prices with ease. This is a game changer within the financial industry, especially in financial services and product offers. Additionally, a customer has the right to be forgotten, meaning that companies need to erase all personal data of a given customer on request. An exception to this is when the data needs to be stored for other legislative matters such as tax reporting.
Secondly, data protection is yet to be precisely outlined by GDPR. This combines requirements regarding the internal and external practices of a company, and as a whole it can be called Privacy by Design. From the external point of view, a company must be secured against cyber-attacks and other kinds of malicious data breaches which could expose personal data to danger. These kinds of breaches have to be reported without delay to the affected customers, data controllers, and financial authorities. GDPR sets an absolute limit of 72 hours for these data breach notifications.
From the internal point of view, all processes and practices must comply with personal data security requirements. Hence, these requirements might drive companies to change organizational structures and conventional workflows. As a practical example, there might still be offices working with paper documents. This could conflict with GDPR, as personal data must be consistently stored, and the data holding structure needs to be shown on request to financial authorities.
GDPR covers an array of data management topics, but the above-mentioned topics are in all likelihood the most crucial ones. If you have read this blog post to this point, you might be looking for a solution to achieve GDPR compliance. As mentioned, these requirements cannot be fulfilled with plug-and-play software, since the implementation needs to cover the entire business flow, organization, and all the practices. In this sense, a one-stop-shop for GDPR does not exist.
Fortunately, FA Solutions as a business platform guides you halfway through the GDPR challenges. Personal data is stored in a consistent way and is secured to the highest grade with our hosting partners. In addition, personal data can be easily exported from the system and, depending on the demand, it can be erased or handed over to the customer in the previously mentioned machine-readable way. Finally, whether you are seeking to approach the GDPR in one way or another within your asset management business, FA Platform adjusts to those changes through its natural flexibility.
If you wish to learn more about how FA can help you prepare for the upcoming GDPR regulation, just leave your email address below and we will be in touch.