IBS Journal January 2018




it gets compromised: “There are lots of talks but I think this will eventually pick up more momentum. I’d say, at the moment, people are taking a more lightweight approach, but it will really take off,” Ravindran says. “Particularly social media companies, and companies that work closely with them, as they hold a lot of customer information on people.”


Despite this, awareness around GDPR will pick up, although Ravindran believes we’ll discover a few “bombs” along the way: “There are companies that have been fully compliant with GDPR for over a year. And granted that a lot of it is open for interpretation, but I believe banks will be a bit ahead, as they’re used to keeping up with regulation on customer information. Retail companies, for example, which are less prepared, will be more of a target for hackers. Social media is also an obvious target – but the real problem may lie in mobile apps (such as geolocation apps), healthcare and gaming companies.”


“But, to be honest, financial institutions and banks have been doing – or at least, they should have – all this for a while now,” says Andrew Watson, head of regulatory change at JHC. “Just look at the headlines! Do you think a financial institution or a bank could recover from the reputational damage that a security breach, particularly under GDPR, could cause? Consumers are becoming more and more aware of their rights, and this regulation is only enhancing that awareness. Granted that some regulation is more targeted to certain types of companies than others, but they all will be affected in one way or another.”


Regulation ruckus


GDPR grants, above all, a series of rights to the consumer in regard to how their personal information is handled by companies. Watson sees the “right to be forgotten”, or Right of Erasure, as the most significant of all, due to its potential to clash with many other sets of regulation. We will see this clash in regard to AML regulation, or analytics run by companies.


GDPR is about consent, and about keeping only the appropriate and relevant data – however, this doesn’t override other pieces of regulation instated before and designed around security, Watson says. We will see consumers requesting companies or banks to erase all their data, while many of these must keep it for 5 years after the consumer is no longer with them for AML and security purposes. As much as consumers will be aware of GDPR, particularly in the months coming to March, they will not grasp the intricacies, synergies and exceptions that take place in regard to other pieces of regulation. This means that banks, or any other company or financial institution, will have to re-educate consumers, as they undoubtedly demand their data to be deleted. However, banks will not be able to erase it, and will have to explain to consumers why.


Andrew Watson, head of regulatory change, JHC


Bergal, from Avoka, adds: “Banks barely understand the implications, much less the average customer. Customers will not be demanding immediate features, but will be responding to the competitive activity in the market. Banks that offer a simple experience and who make the process of managing personal information transparent, will be perceived as offering a better customer experience, better service, and easier to work with. Especially for younger, mobile, digitally-savvy customers, a superior GDPR interface will be a competitive differentiator.”


Another important factor in keeping up with GDPR is that companies need to be clear about why they are holding the data they hold. Data should be kept on record only if it is necessary; otherwise, those companies may end up being fined. On the other side of the coin, if the bank does need to hold the information, it must store it for the right amount of time and utilise it according to consents and regulation. It is a fine line, but with knowledge and training, banks will be ready by the deadline.


The human error


Who has access to this data, and how, must be reviewed carefully. Watson says technology is essential to overcome the challenges of these new regulation sets. However, there is only so much that new regtech can do to avoid leaks - the human factor is a very common vector of security breaches. At JHC, we have addressed that simply by adding an integrated security layer that limits access to each position and person. However, all the info shared outside these systems, via emails, phones, etc., is the real weak link.


www.ibsintelligence.com

