What is GDPR
The main aim of GDPR is to empower all EU citizens: it helps them easily find out what data about them is held by different institutions and makes them aware of their rights to protect their personal information. Every organization must ensure compliance by May 25, 2018.
There are five areas of the GDPR legislation that are going to have a huge impact on the sector. One of the most significant is client consent. Under GDPR, personal data is anything connected with the identification of an individual, including a name, email address, IP address, social media profiles and social security number.
Individuals will know exactly which companies hold their personal information, because firms will be obliged first of all to gain consent from the customer before gathering his or her personal information. Moreover, organizations must also define the purpose of the data collection.
Right to data erasure
The next area is the right to data erasure. Thanks to GDPR, all citizens of Europe have the right to privacy of their information. Furthermore, every individual can request access to this data, or even its removal from banks, without any outside authorization. It is called data portability. A financial institution can of course keep certain information, but it is not allowed to refuse individuals' requests connected with their personal information.
Consequences of a breach
The third area is the consequences of a breach. Firms are no longer able to follow their own protocols in the case of a data breach without reporting it. The data protection officer should immediately report all data breaches to the supervisory authority for personal data. It is important to point out that this information should be reported within 72 hours. The notification should include all details connected with the nature of the breach, the categories and estimated number of individuals affected, and the contact information of the data protection officer.
The fourth area that will also be greatly influenced by GDPR is vendor management. IT systems are very important for all financial firms because client information always passes through several IT applications. Consequently, firms should know about every data flow that exists in their different systems.
What is more, external vendors can often have access to personal client data. But under GDPR, organizations become fully responsible for all the client personal information that they hold.
The final area is pseudonymization. GDPR applies to all potential client data, no matter where the individuals' information is found. Sometimes the data is masked in non-production environments to hide sensitive client data. However, according to GDPR, all information must be pseudonymized into artificial identifiers in the live production environment.
To sum up, the impact of GDPR is very great in many areas, so companies should stick to the rules of GDPR.