Regulation, acronyms and something about data... not exactly riveting reading, you might think. However, the three elements in the title of this post are, in combination, having a steady impact on banking, payments, and the capabilities of any business that deals in customer data.
GDPR, or the General Data Protection Regulation, is European Union legislation which comes into force in 2018 and updates the data protection responsibilities of firms. The headline-grabbing element is the potential fine of 4% of turnover for not complying! However, the emphasis of the regulation is that firms understand what data they use and for how long, have controls in place to protect it, and only use it for the purpose agreed. Pretty important when there are "WannaCrys" out there.
Similarly, the Payment Services Directive 2 (PSD2) regulation is about improving the opportunities for innovation in how we make payments. This regulation is a bit more specific, affecting companies that provide payment services. It is linked to "Open Banking", where types of data held by organisations should be made easily and securely accessible to improve consumer choice and access to services.
Meeting regulation can be a tick-box exercise of doing the minimum to comply; however, this is where the strategic data model element comes in. Having a deep understanding of the data used by an organisation, identifying clear owners for all parts of that data and where it exists within the organisation, and knowing how that data will be managed doesn't just meet regulatory requirements - it is a precursor for competitive advantage in digital businesses. Businesses that aren't digital will find it a challenge to compete.
So whilst 74% of Chief Information Security Officers (CISOs) quoted in the article below have complying with this regulation high on the agenda, a more interesting statistic would be how many CEOs and COOs are prioritising the underlying data management capability to future-proof their business?
According to data from Network Group Events’ 2017 Financial Services Information Security Network, 52% of CISOs working in the finance sector have made General Data Protection Regulation (GDPR) compliance an investment priority. The data, gleaned from 70 financial services CISOs or security heads, showed that they are getting their act together for GDPR. Three-quarters (74%) of the CISOs have prioritised security governance and compliance management in cyber security strategies this year, compared with 64% last year.