The banking industry has been extensively regulated by the European Union. Anti-money laundering (AML), the Payment Services Directive (PSD2), the Markets in Financial Instruments Directive (MiFID II), the Foreign Account Tax Compliance Act (FATCA): all of these are compliance requirements that involve the collection and processing of personal data, and all of them now intersect with the GDPR.
GDPR compliance in a large company is a complex process in itself; for the financial sector, the GDPR adds an extra layer on top of the existing banking regulations, which makes things even more challenging.
Appointing a DPO (Data Protection Officer) does not entirely solve the problem, since the DPO is not personally responsible for the organization's GDPR non-compliance. Put plainly, responsibility is shared among the DPO, the CEO/Board, data stewards and the other people involved in the process.
How to balance GDPR and banking compliance
Bottom line: Financial organizations must implement the appropriate measures in order to achieve full compliance. They must identify the responsibilities they have assumed and the resources needed to fulfill them. They also need to make sure they have implemented a workflow that allows them to periodically review the activities they are responsible for. And whenever there is a doubt or a concern, they should ask the DPO for advice.
This article contains the main ideas presented by Sypher Solution at the "Banking Compliance Summit 2019", an event organized by the Romanian Banking Institute.