Member Article
DST and IFDS Launch a GDPR Checklist
- UK firms will still need to comply with GDPR, even in a post-Brexit era
- DST and IFDS identify six areas of focus for firms handling personal data on individuals in the EU
DST (NYSE: DST), a global provider of specialised technology, strategic advisory and operations outsourcing to the financial and healthcare industries, and International Financial Data Services (IFDS), a provider of outsourcing and technology solutions, have today launched their General Data Protection Regulation (GDPR) Checklist to highlight some key areas that firms need to address in advance of the regulation taking effect on 25 May 2018.
Whilst GDPR is a European regulation and the UK has opted to leave the EU, it remains vital for UK firms to be prepared. GDPR applies to any firm handling personal data on individuals in the EU, regardless of whether the firm itself is based in the EU. The cost of non-compliance is punitive: firms breaching the regulation face fines of up to €20m or 4 percent of annual worldwide turnover, whichever is higher.
The DST and IFDS Checklist highlights six key areas that companies should review:
Handling Consent: Some organisations have consumer consent policies in place today that will not meet the GDPR requirements. If it is not clear to customers how a firm will use their data, the company handling that data faces potential fines. Firms must look at their consumer consent profile and understand what it is, how they are using data for profiling, and whether that use aligns with the consent obtained.
Data Protection Officer: Many organisations will be required to appoint a Data Protection Officer (DPO) in an independent role that reports to the highest level of management. The DPO will be responsible for monitoring compliance with GDPR, advising on data protection impact assessments, training staff, and ensuring the organisation handles data requests appropriately. Organisations need to identify the right person for the role and make sure the DPO has sufficient resources to perform his or her duties.
Suitable Technology Systems: Organisations must audit their existing systems to check whether they have the right technology to comply with GDPR. After the review, firms must decide whether they need to install new technology or update existing systems to be compliant.
Vendor Management: An organisation's suppliers must also comply with GDPR. Firms must audit their suppliers to ensure that they are complying with GDPR, are financially robust, and will stand up to regulatory scrutiny if a breach occurs.
Individuals' Rights/Data Landscaping: Under GDPR, firms must be able to respond to data requests from individuals and therefore need to know where they hold customer information.
Data Protection by Design/Accountability: Organisations must implement processes so that they understand what data they collect, where they store it, with whom they share it, which countries they transfer it to, and how long they will retain it before deleting it when it is no longer needed. Organisations must be prepared to prove to a regulator's satisfaction that these processes are in place.
Ruaraidh Thomas, Managing Director of Applied Analytics at DST, commented: “GDPR is coming and companies need to be prepared. While there are compliance costs, the costs of potential fines and the chance to lose already compliant business relationships are likely to be far higher. Companies need to be ready to respond to information requests and develop processes to make this more efficient.”
“However, GDPR will mean that firms will be better informed about the information they hold and will have greater insight into their customers’ behaviour. They will also gain a better understanding of how to deploy their workforce to achieve operational efficiencies. Ultimately, if approached in the right way, GDPR can open up considerable opportunities for businesses that are prepared for the new regulations.”
To view the full checklist please visit:
http://www.dstsystems.com/insights/general-data-protection-regulation-gdpr-checklist/
Alternatively, to discuss the General Data Protection Regulation in more detail please email Ruaraidh Thomas, Managing Director of Applied Analytics at DST: rthomas@dstsystems.com
This was posted in Bdaily's Members' News section by Ruaraidh Thomas.