IBS Journal January 2018

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

24

GDPR

GDPR: A new hope dawns for customer data

According to data provided by Virtusa Labs, from 2008 onwards, banks have had to face a total of $321 billion in regulatory fines. Regtech is rumoured to become a $100 billion industry by 2020 due to the impact it can have. We examine this expanding regulatory universe

Junior Reporter Henry Vilar

A

lthough the number of regtechs is not as big as the number of fintechs, which is around 11,0000, they share a growing momentum. Many of these are dedicated to

resolving problems related to GDPR, PSD2 and others

IBS Journal talked to Virtusa’s executive vice president (EVP) and global head of tech labs, Senthil Ravindran, about his view on the potential impact of GDPR on the industry. He says: “We are all taking steps, but nobody really knows what may happen, whether a company is going to lose a significant portion of its revenue, or how the structure of your company’s top layer needs to be rearranged. All this can be a massive strain for companies, particularly the really big ones – and that is why we’re focusing on raising awareness.”

But how does GDPR affect business? Well, according to Don Bergal, chief marketing officer (CMO) at Avoka, there are numerous “rights” that GDPR bestows upon the consumer, all relating to how their personal data is used by an institution. In simple terms, these include the right to access your records, make a change to rectify an error, and even to be forgotten completely by the bank (known as the Right to Erasure).

It also includes active control of the records, such as the right to restrict processing to only specified purposes. For example, if you provide financial data to apply for a loan, you can restrict that data from being used by the bank when considering you for other unrelated products. And if you want to take your financial history with you and change banks, you have the right to do that as well, requiring institutions to provide records in a portable format on request.

He says: “It’s like installing a huge new window in the front of the bank, so now everybody can see in. The whole notion of

transparency, giving a consumer visibility to the records held, is new.” What this means, according to Bergal, is there hasn’t been any existing set of customer engagement systems that enables consumers to view, edit, control and delete their own information when it is stored in the most secure of the bank’s repositories. Thus, we will see a new generation of customer engagement systems, with the governance and tracking that comes with it.

Silent killers

During SIBOS, we saw a tendency that moved away from tick-off lists and prioritised pre-emptive risk management as a holistic approach. Ravindran shares this view when it comes to GDPR: “More specifically, we are focusing on article 13, which is about personal identifiable information, data and assets.

“At Virtusa Labs, our work in this area relates to how organisations that rely on automated decision making can avoid issues that might emerge from a regulatory perspective when using AI. Many of the big companies, the likes of PwC, would provide you with a list if to-dos to tick and check off to be compliant with GDPR. But in my view, GDPR is much more than that.”

“For example, there could be hackers who already have possession of some of your customer information, and they could come back to you post-2018 and threaten to release it in exchange for a ransom,” he says.

New strains of ransomware and malware, for example, are some of the problems of GDPR that have not ben explicitly foreseen. Another big issue is that it is very easy to identify where the individually identifiable personal data resides. For example, find customer information from a company’s system, particularly when a second company has access to that data and

www.ibsintelligence.com | © IBS Intelligence 2018

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34 | Page 35 | Page 36 | Page 37 | Page 38 | Page 39 | Page 40 | Page 41 | Page 42 | Page 43 | Page 44