Financial institutions around the world are bracing themselves for the onset of the EU’s General Data Protection Regulation (GDPR), which introduces eye-watering financial penalties for firms failing to meet stringent new rules on managing the personal data of EU residents. GDPR – which comes into effect in May 2018 – will have a major impact on the way financial services firms manage client and prospect information.
While the regulation applies directly to entities operating within the EU, GDPR’s requirements extend to any business globally that collects personal data from EU residents. Penalties for non-compliance are severe, ranging up to €20 million or 4% of worldwide turnover, whichever is greater, for affected parties. As a result, GDPR is getting high-level attention.
To assess industry readiness and attitudes towards compliance, the A-Team Group conducted a survey of data management and data privacy executives at a range of financial institutions operating in the UK, Europe and the US. Respondent firms ranged in size from Tier 1 universal banks to Tier 3 asset managers, and in function from large sell-side institutions and global custodians to investment managers and credit card processors.
This paper, sponsored by ASG Technologies, examines the data management challenges posed by GDPR for financial institutions and how they are responding. It also explores compliance approaches of these institutions, explains the importance of governance to successful compliance, and offers guidance on implementing new technologies to ensure compliance.