Implementing the EU Data Protection Regulation
GDPR is changing international markets
Shifting financial and privacy regulations are creating new challenges for compliance in international finance and commerce. The European Commission’s new General Data Protection Regulation (GDPR), paired with innovative financial technologies, disrupts traditional models for the provision of services. The GDPR applies not only to businesses operating in Europe, but to all businesses that regularly manage any personal data pertaining to European residents. Most major international businesses and financial institutions will fall within this scope. Key compliance issues in the next few years will include anti-money laundering/counter-terrorism financing practices, de-risking, and implementing data protection governance.
Businesses and financial institutions that regularly provide goods or services to EU residents, or track the online activity of EU residents, have to provide for several new individual rights:
- Right to Be Forgotten: Personal data should be deleted when the data subject no longer wants it to be processed, unless there is a legitimate reason to retain the data (e.g., to complete a contract or comply with legal obligations).
- Informed Consent: More information is to be made available to individuals, in clear and plain language, about how their personal data will be processed. This applies especially to services intended for children. Informed consent to processing of one’s personal data must be indicated by a clear affirmative action.
- Data Portability: Data subjects have a right to a copy of their personal data in an appropriate format, and where possible, to transfer their data directly from one service provider to another.
- Individual Breach Notification: Data subjects have a right to be notified personally of data breaches that pose a risk to their rights and freedoms, without undue delay.
How should your business respond?
Implementing the GDPR can be viewed as an opportunity to improve practices and strengthen consumer trust. Data protection and privacy are an investment that can be leveraged to become a competitive advantage. A strategy for ensuring compliance can incorporate or build upon other developments and initiatives to elevate your business.
Regardless of whether you are a data controller (the party that determines how personal data will be managed, and as such, has the primary responsibility to data subjects) or a data processor (typically a subcontractor engaged to help manage data), you have to demonstrate compliance and implement safeguards.
KI Design Team
Our international, multidisciplinary professionals provide the insight you need, wherever you need it. The diversity of our consultants allows us to create teams tailored to your needs, whether you are looking for readiness assessment, compliance evaluation, or technical design.
We work across specific market sectors, serving financial, Fintech, energy, healthcare, and government clients, as well as industry bodies and regulators. We are able to bring a complete market view to your projects.
Strong relationships with U.S., E.U., and Canadian regulatory bodies mean we can navigate regulations to find solutions or lobby for change where none can be found.