As Brexit discussions rumble on, HPS Project Managers can see that European Union regulations governing data protection are set to impact the UK’s services sector. The EU General Data Protection Regulation (GDPR) is due to take effect in the UK from May 25, 2018. But project managers across Europe are concerned about the impact that data privacy auditing and compliance issues may have across the broader financial services system.
The revised Payment Services Directive (PSD2) was passed by the Council of the European Union on November 16, 2015, giving member states two years to incorporate the directive into national regulations. The idea behind the move is to improve protection of consumers when they pay online.
Peter Ryan, a GDPR specialist with financial software vendor Temenos, says, “Many financial institutions are embracing PSD2 and ‘open banking’ as a way of improving customer service, and to compete more effectively on price.” “But with up to 4 per cent of global turnover or €20 million as a penalty, financial service companies are also taking a whole raft of measures which is having a knock-on effect on the way systems, processes and partnerships are delivered,” he said.
John Culkin, director of information management at Crown Records Management, agrees that the main change in data privacy regulation is from a reactive to a proactive emphasis. “While it used to be the case that businesses were required to protect data, there was not an explicit requirement for them to be overt about what they were using the data for,” Mr Culkin explains. Unless the issue was major, privacy breaches all too often went unreported as a result. “The new world requires businesses to practise privacy by design, be open and transparent with the data they have, and what it is going to be used for,” he says.
Overall, HPS can see that GDPR can be a good thing, for the consumer at least, but the financial services providers themselves will have to be on top of their game. The regulators will have finally grown some real teeth with the sole intent of keeping the sector in check. HPS would be interested to know how organisations ensure that their investment portfolios take account of mandatory investments.