Our GDPR summary for Financial Services

The General Data Protection Regulation (GDPR) is creating challenges that require action from everyone in Financial Services.

This is the largest change to data protection legislation in the last 20 years: regulators have unprecedented power to impose fines, and the regulation will require wide-scale privacy changes across every organisation.

But it also represents a major opportunity to:

  • transform your approach to privacy,
  • harness the value of your data, and
  • ensure your organisation is fit for the digital economy

Live webcast: Where are Financial Services organisations on their GDPR journey?

Register for our webcast exploring the impact of the General Data Protection Regulation (GDPR). We discuss whether financial services organisations are taking the GDPR seriously, what they should be doing in 2017 to prepare for the regulation, and what the challenges will be. 


GDPR at a glance

It puts individuals back in control of their personal data

Customers and employees have more power to control how businesses use their data. You could be required to report on, move or dispose of personal data if requested, and you must have the capabilities to do this. Your options for using personal data are restricted.

Data must be easily portable and forgettable

You must be able to provide individuals with their personal data in a structured, commonly used and machine-readable form. Your systems and processes will have to let you truly ‘forget and delete’ data upon request from individuals, including data held in long-term archives.

How you use data will be more transparent

The rules on consent are getting tougher, and individuals can withdraw consent at any time. You’ll be required to articulate all of the ways in which you use personal data, and make it clear to individuals what their data is being used for and who you have shared it with.

Third parties could put you at risk

You will remain responsible for individuals’ personal data throughout the entire data lifecycle. You will have to ensure that data you pass to third parties is handled in a manner compliant with the GDPR.

Fines are getting bigger, and the timelines are getting shorter

Fines for non-compliance can be as severe as 4% of annual global turnover or 20m EUR – whichever is higher, enforceable from May 2018. You will be under legal obligation to notify data protection authorities within 72 hours of a data breach, and individuals without delay. You will have to keep records of your data processing activities, undertake privacy impact assessments and appoint a Data Protection Officer (DPO).

How can FS organisations prepare for the GDPR?

View our webcast exploring the impact of the General Data Protection Regulation (GDPR). We discuss whether financial services organisations are taking the GDPR seriously, what they should be doing in 2017 to prepare for the regulation, and what the challenges will be.


Related content

Customer centric banking – aligning the GDPR and PSD II


Managing a large book of regulatory projects alongside a growing book of digital and simplification initiatives is already a considerable challenge for most Financial Services organisations. This challenge is now made even steeper by two regulations, the Payment Services Directive II (PSD II) and the General Data Protection Regulation (GDPR), that appear to be pulling in opposite directions. Download our paper to find out how to successfully implement the strategy for GDPR and PSD II programmes.

Data Protection Officer: do you need to appoint one?


The concept of a ‘Data Protection Officer’ (“DPO”) for organisations processing personal data has been alive and well for many years – already a mandatory requirement in some countries and best practice in others. However, for the first time the appointment of a DPO will be mandatory under the General Data Protection Regulation (“GDPR”) for many organisations regardless of their size or whether they are processing personal data in their capacity as a controller or a processor. But before you all rush out to recruit a DPO – stop, breathe and read this blog – you may be panicking unnecessarily.

Contact us

Rav Hayer
Banking Data & Analytics Partner, PwC United Kingdom
Tel: +44 (0)7841 468 296

Craig Skinner
Insurance Data & Analytics Leader, PwC United Kingdom
Tel: +44 (0) 7734 974 406
