How Will GDPR Affect the Finance Industry?
What are some of the main concerns?
Personal Data Across Products
Within finance, personal data is often stored across multiple products. Consequently, pseudonymisation is likely to be a necessary process for ensuring data protection.
Pseudonymisation is defined as the technique of processing data in such a way that the person to whom it belongs can no longer be identified unless the data is cross-referenced with an additional, separate source.
Right to be Forgotten
Unlike in many other industries, organisations within the financial sector may keep some data if it is required to ensure compliance with other regulations. However, if there is no other justification for holding personal data, the right to be forgotten applies as standard.
Data Breach Liability
Businesses will now need to report a data breach to the supervisory authority within 72 hours. The notification should include details such as the nature of the breach, the approximate number of affected individuals, as well as contact details for your DPO. Likely outcomes and planned solutions should also be reported ‘without undue delays’.
Since May, liability has been made more significant. For serious violations, companies will be fined up to 20 million euros, or 4% of their global turnover, whichever amount is greater. For minor violations, businesses will be fined 2% of their global turnover.
Any financial sanction is also in addition to reputational damage.
We wish to emphasise that Arden Group is a Managed Service Provider and not a legal firm. That means that the views put forward on this page are not necessarily shared by lawyers or courts.
Arden Group, therefore, does not guarantee that all information is factual and interpreted correctly. If you wish to ensure that your advice or your company is legally covered by GDPR, consider seeking legal or specialist advice.