Our GDPR summary for Financial Services

The General Data Protection Regulation (GDPR) is creating challenges that require action from everyone in Financial Services.

This is the largest change to data protection legislation in the last 20 years. Regulators have unprecedented power to impose fines, and the regulation will require wide-scale privacy changes across every organisation.

But it also represents a major opportunity to:

  • transform your approach to privacy,
  • harness the value of your data, and
  • ensure your organisation is fit for the digital economy.

Live webcast: Where are Financial Services Organisations on their GDPR journey?

Register for our webcast exploring the impact of the General Data Protection Regulation (GDPR). We discuss whether financial services organisations are taking the GDPR seriously, what they should be doing in 2017 to prepare for the regulation, and what the challenges will be.


GDPR at a glance

It puts individuals back in control of their personal data

Customers and employees have more power to control how businesses use their data. You could be required to report on, move or dispose of personal data if requested, and you must have the capabilities to do this. Your options for using personal data are restricted.

Data must be easily portable and forgettable

You must be able to provide individuals with their personal data in a structured, commonly used and machine-readable form. Your systems and processes will have to let you truly ‘forget and delete’ data upon request from individuals, including data held in long-term archives.

How you use data will be more transparent

The rules on consent are getting tougher, and individuals can withdraw consent at any time. You’ll be required to articulate all of the ways in which you use personal data, and make it clear to individuals what their data is being used for and who you have shared it with.

Third parties could put you at risk

You will remain responsible for individuals’ personal data throughout the entire data lifecycle. You will have to ensure that data you pass to third parties is handled in a manner compliant with the GDPR.

Fines are getting bigger, and the timelines are getting shorter

Fines for non-compliance can be as severe as 4% of annual global turnover or 20m EUR, whichever is higher, enforceable from May 2018. You will be under a legal obligation to notify data protection authorities within 72 hours of a data breach, and affected individuals without undue delay. You will have to keep records of your data processing activities, undertake privacy impact assessments and appoint a Data Protection Officer (DPO).

How can FS organisations prepare for the GDPR?

View our webcast exploring the impact of the General Data Protection Regulation (GDPR). We discuss whether financial services organisations are taking the GDPR seriously, what they should be doing in 2017 to prepare for the regulation, and what the challenges will be.


Contact us

Craig Skinner

Partner, PwC United Kingdom

Tel: +44 (0)7734 974406