In contrast to industries that are caught off-guard by GDPR compliance requirements, financial institutions are used to following regulations. By leveraging synergies with existing efforts, privacy management can be integrated into their compliance program quite easily. Here are our top suggestions for how compliance experts can use existing work to create a top-grade GDPR and privacy program.
Leverage existing structures
GDPR affects nearly every company, and most are not used to layered risk management (such as a lines-of-defence model), nor to interpreting and implementing external regulatory requirements.
Regulated companies have an advantage here: existing governance structures, internal understanding and culture can all help. For example, existing incident and escalation processes can be reused or built upon, reporting structures and decision-making processes can be reused or copied, and asset and process ownership is probably already assigned.
Compare with requirements to manage funds
Companies managing others' funds are used to requirements to handle them responsibly and securely, knowing the funds are not the company's own and that the consequences can be severe if they are lost or misused. Privacy management is much the same: the person the data refers to must be respected and treated fairly, because it is their integrity that is at stake, and the consequences can be severe if the data is misused or falls into the wrong hands.
How financial institutions can get ahead
Those working with risk and compliance have many things to consider, and privacy risks will not necessarily be the top priority; licence-dependent requirements will always come first. It is therefore important to identify and focus on the key privacy risks, to automate the work, and to simplify as much as possible.
Want to get more tips on how financial institutions can build successful privacy programs? Download our e-book on privacy ROI or check out our podcast interview with Klarna’s former VP of Privacy.