Our GDPR summary for Financial Services

The General Data Protection Regulation (GDPR) is creating challenges that require action from everyone in Financial Services.

This is the largest change to data protection legislation in the last 20 years: regulators have unprecedented power to impose fines, and wide-scale privacy changes will be required across every organisation.

But it also represents a major opportunity to:

  • transform your approach to privacy,
  • harness the value of your data, and
  • ensure your organisation is fit for the digital economy

Live webcast: Where are Financial Services Organisations on their GDPR journey?

Register for our webcast exploring the impact of the General Data Protection Regulation (GDPR). We discuss whether financial services organisations are taking the GDPR seriously, what they should be doing in 2017 to prepare for the regulation, and what the challenges will be. 

GDPR at a glance

It puts individuals back in control of their personal data

Customers and employees have more power to control how businesses use their data. You could be required to report on, move or dispose of personal data if requested and you must have the capabilities to do this. Your options for using personal data are restricted.

Data must be easily portable and forgettable

You must be able to provide individuals with their personal data in a structured, commonly used and machine-readable form. Your systems and processes will have to let you truly ‘forget and delete’ data upon request from individuals, including data held in long-term archives.

How you use data will be more transparent

The rules on consent are getting tougher, and individuals can withdraw consent at any time. You’ll be required to articulate all of the ways in which you use personal data, and make it clear to individuals what their data is being used for and who you have shared it with.

Third parties could put you at risk

You will remain responsible for individuals’ personal data throughout the entire data lifecycle. You will have to ensure that data you pass to third parties is handled in a manner compliant with GDPR.

Fines are getting bigger, and the timelines are getting shorter

Fines for non-compliance can be as severe as 4% of annual global turnover or 20m EUR – whichever is higher, enforceable from May 2018. You will be under a legal obligation to notify data protection authorities within 72 hours of a data breach, and individuals without delay. You will have to keep records of your data processing activities, undertake privacy impact assessments and appoint a Data Protection Officer (DPO).

How can FS organisations prepare for the GDPR?

View our webcast exploring the impact of the General Data Protection Regulation (GDPR). We discuss whether financial services organisations are taking the GDPR seriously, what they should be doing in 2017 to prepare for the regulation, and what the challenges will be.

Related content

Tackling the Brexit data challenge

Financial services firms should be taking steps now to understand what data challenges Brexit may pose. Data is fundamental to business models, and taking advantage of technological advances in data analytics is increasingly seen as vital to staying ahead. PwC’s Leigh Bates and Conor MacManus discuss some of the key data challenges financial services firms face.

GDPR compliance – financial services firms are amongst those in the lead

Pressure from regulators and fear of getting it wrong have turned Know Your Customer (KYC) into an arms race of ever more stringent KYC procedures. The time is right to review these KYC policies and procedures and decide what is actually required and get rid of what is unnecessary.

Customer centric banking – aligning the GDPR and PSD II

Managing a large book of regulatory projects alongside a growing book of digital and simplification initiatives is already a considerable challenge for most Financial Services organisations. This challenge is now made even steeper by two regulations, the Payment Services Directive II (PSD II) and the General Data Protection Regulation (GDPR), that appear to be pulling in opposite directions. Download our paper to find out how to successfully implement the strategy for GDPR and PSD II programmes.

Data Portability: how will your organisation unlock this right?

Two months have passed since the Article 29 Working Party (“WP29”) published its “guidelines on the right to data portability.” In this time, we have taken a deep dive into this new right through round-table discussions with our clients from a cross section of industries, and seminars internally with our PwC colleagues in various lines of service.

Data Protection Officer: do you need to appoint one?

The concept of a ‘Data Protection Officer’ (“DPO”) for organisations processing personal data has been alive and well for many years – already a mandatory requirement in some countries and best practice in others. However, for the first time the appointment of a DPO will be mandatory under the General Data Protection Regulation (“GDPR”) for many organisations regardless of their size or whether they are processing personal data in their capacity as a controller or a processor. But before you all rush out to recruit a DPO – stop, breathe and read this blog – you may be panicking unnecessarily.


Contact us

Rav Hayer
Banking Data & Analytics Partner, PwC United Kingdom
Tel: +44 (0) 7841 468 296

Craig Skinner
Insurance Data & Analytics Leader, PwC United Kingdom
Tel: +44 (0) 7734 974 406