GDPR is coming. What is it? Legislation that gives every European citizen the right of access to his or her own data. For financial institutions, ITDS Director Gerrit Vos sees challenges, but mainly opportunities.
Everyone agrees that you should be the one who decides who can use your data. From May 2018 this situation will be clearer because that’s when the General Data Protection Regulation (GDPR) – which guarantees this fundamental civil right – comes into force throughout Europe. In all likelihood this fundamental right to privacy will be high on the agenda for the foreseeable future. Public service organisations such as the Netherlands’ “Postbus 51” and Dutch TV programmes like Radar have already said they’ll be giving it a lot of exposure.
RIGHTS AND OBLIGATIONS
The GDPR differentiates between individuals’ rights and organisations’ responsibilities. As a customer, for example, you’ll be able, at any time, to ask your insurer or bank what data they have stored about you. Additionally, you’ll be able to ask them to delete from their systems data about you that’s no longer relevant, or to transfer it to other (financial) institutions.
These are rights that we, as consumers, undoubtedly endorse. But are you also ready for the responsibilities? Not only are organisations expected to correctly implement this new legislation for every customer, they are also obliged to treat the customer’s confidential data respectfully. It means storing the data in a secure environment and not exchanging it with third parties without the explicit consent of the owner.
RESPECTFUL AND TRANSPARENT
You could, of course, see this new legislation as a burden, a time-consuming chore that offers you nothing in return. But why not turn it around – and see it as an opportunity? By giving customers access to all their data and being open about your processes you’ll remove any semblance of secrecy. You’ll show your customers that you are respectful of their data and that you are transparent. This will go some way towards restoring the industry’s good name after its erosion over the past few years. For customers, it’ll be good to know that it’s not merely about rules of conduct, but that a Personal Data Authority will ensure compliance with the GDPR, and step in if the need arises.
And the GDPR will have an added benefit. It will compel us all to take a critical look at our systems, databases, mail archives and filing cabinets and delete data that’s old and no longer relevant. It’ll be like a big spring clean, after which everything will smell fresh and fruity.