Connect with us
Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing,trading, insurance, fintech, and more. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.


Regulation is nothing new to the financial services industry, but GDPR is a different animal altogether. It codifies into law an extraordinary level of accountability for organizations, and they are feeling the pressure. With great responsibility, though, can come great rewards – beyond merely complying with GDPR.

Setting the Context: Today’s Technology Landscape

According to a 2017 survey by Varonis Systems, 76 percent of IT executives working in financial services said they face serious challenges in preparing for GDPR. In fact, banking respondents to the Accenture 2017 Global Risk Management Study cited escalating demand from various regulators in multiple jurisdictions as their top concern. Almost 60 percent of those surveyed said they need to upgrade their systems and capabilities to deliver more transparent reporting to regulators.

Yet GDPR is not the only technology issue facing financial services organizations.Keeping pace with today’s changing digital technology is another challenge. Nearly all (90 percent) of the professionals surveyed for the Accenture Banking Technology Vision 2017 report said that their organizations “must innovate at an increasingly rapid pace just to keep a competitive advantage.”

Remaining competitive requires a constant focus on the customer experience to increase transactions and ensure retention. Digital transformation projects require leveraging customer data – an untapped source at many financial institutions – to create new technologies and services and optimize them for personalization, speed, and ease of use.In addition, building in privacy by design and maintaining it across multiple consumer platforms is a major undertaking. So is integrating new technology with legacy applications and infrastructure.

Cyber threats are also a rising concern. According to the Ponemon Institute’s 2017 Cost of Cyber Crime Study, financial services companies have the highest annualized cost of cyber crime at $18.28 million (along with utilities and energy). The global average cost of cyber crime is now $11.7 million, up nearly 23 percent from the year before. The average annual number of security breaches is up nearly 30 percent.

Business Benefits of GDPR

A GDPR compliance initiative can help with all of these issues. Three benefits in particular can come from a GDPR exercise – if you approach it the right way.

  1. Reduce Costs

Besides avoiding its stiff fines and penalties, thecost savings from a GDPR endeavour could be substantial. For example, according to People Data Labs, approximately 18 percent of data in people databases such as a CRM or ATS system is duplicated. With the insights gleaned from your GDPR compliance project, your IT organisation can identify areas of duplication to eliminate or consolidate. The result could be decreases in systems cost, capacity waste, IT time, maintenance expenses, slower backups, and data centre costs.Better data management will also reduce staff time when customers invoke the “right to be forgotten” principle of GDPR and ask you to delete all their digital data.

  1. Decrease Risks

Complying with GDPR will enable you to pinpoint where sensitive information is being stored as well as determine the supporting processes and technologies against a defined control framework. This knowledge will help you plan and execute remediation strategies, such as deciding whether to encrypt, archive or delete the data to prevent misuse or duplication of data elsewhere.Better securing your highly regulated and sensitive data can help prevent data breaches – whether from hackers or insiders. In addition, you can prove to auditors that controls exist for identifying and reporting on all sensitive data.

  1. Improve the Customer Experience

Preparing for GDPR gives you a better understanding of your customer-facing processes and applications as well as their purpose within the organization. This will help you create and deliver digital solutions that customers want, in the way they want them, while ensuring data privacy controls are in place. Having superlative security and privacy processes can improve your reputation and competitiveness as well – increasing customer acquisition and retention.

The savviest banks will capitalize on GDPR to offer new services to customers. As Chris McMillan, a partner at management consulting firm Oliver Wyman, told the Financial Times: “A bank could see you have a direct debit to a telco and ask you for permission to request the data from the telco to check you are getting the best deal. That would be a compelling proposition for a customer, knowing their bank is trying to save them money.”

Getting GDPR Right

Realizing the benefits of a GDPR project requires four initiatives:

  • Log your tech and data assets and determine their use
  • Analyse your data landscape to ascertain how well that data is protected
  • Understand data lineage and where and how that data is being used
  • Target and prioritise investments and planning activities required to support GDPR compliance

For an undertaking this complex, you need to organize a cross-functional data governance team to collaborate and drive your GDPR efforts. The team should include representatives from functions such as legal, data privacy, IT security and risk management, enterprise architecture, and the enterprise program management office (EPMO).

In this era of digitization and regulations, protecting data privacy and proving that you are doing it lawfully under GDPR is paramount. With the associated business benefits that are possible as a result, financial institutions should see GDPR as an opportunity rather than a burden.

Nicola McCoy is director of enterprise architecture consulting with Planview. She has more than 20 years’ experience working within information security, enterprise architecture, global technology, and enterprise software roles. She has deep experience in helping organisations to understand operational resilience, information security, and how to manage risk within a connected enterprise, while communicating their current risk posture to senior (C-level) stakeholders.

Continue Reading

Recent Posts