Some businesses owner’s awareness of how Europe’s General Data Protection Regulation (GDPR) will impact their business is “bordering on negligent”, said Adam Ryan, chief commercial officer or Calligo, a cloud service provider offering mid-sized companies data privacy and security.
“There is an alarming lack of knowledge,” he said, speaking at a GDPR panel debate on Thursday.
Ryan argued that many board-level individuals are not engaging with GDPR because they do not want to take the blame if something goes wrong.
“GDPR is driving a truck through one of my clients’ business model as far as I can see,” said Ryan, speaking about a company runs a B2B introductory lead generation system.
“For some businesses, GDPR fundamentally changes how they operate”
“Their response [to GDPR] is ‘we really need to do something about that’. Their level of awareness was bordering on negligent because this is their core business and core value to their customers.
“For some businesses, GDPR fundamentally changes how they operate,” he added.
Julian Box, co-founder of Calligo, argued that many businesses are ignoring GDPR because they don’t believe that regulators will be able to enforce the regulation.
Many of GDPR’s processes should have been put in place years ago, argued Robert Bond, solicitor and notary public and a certified compliance and ethics professional.
“GDPR is not prescriptive. Everyone is waiting for ten boxes to tick but it is not about that,” said Bond.
Every business will have to work out what its risk appetite is and how it can implement processes for the procedures to be accountable
Box agreed: “You can’t be GDPR complaint. GDPR is every that makes you non-compliant literally a second later. We go out of our way to never use that word complaint.
“Wetherspoon’s deleted a huge chunk of their customer data as they thought it wasn’t worth the risk. That doesn’t work for all business but I thought that was quite an educated response.”
However, Bond said that once a company has started implementing procedures to meet GDPR expectations, businesses should market it as a competitive advantage.
The EU’s data protection is about privacy, not IT security
Ryan pointed out that many companies are taking a technology-focused response as they look to improve security, “but this isn’t all about security, it is about privacy. People are keeping data that they shouldn’t have. It might be protected but they shouldn’t have it in the first place,” he said.
“Wetherspoons has deleted a huge chunk of its customer data as it thought it wasn’t worth the risk. That doesn’t work for all business but I thought that was quite an educated response. The management thought it just wasn’t worth it.
“You need to understand why you have data and what legal framework for keeping data you have anyway,” said Ryan.
Several people on the panel predicted “ambulance chaser” law firms offering ‘no win, no fee’ court cases if a business was found to be holding illegal data under GDPR.
Once consumers know what their rights are, there will undoubtedly be those with grievances against businesses that will use GDPR to air those grievances, panellists agreed.
Bond argued that compliance will trickle down from large multinational companies.
“The more regulated and multinational the business is, generally the more aware it is of compliance and regulatory issues. But out of all of those multinationals that I have advised over the years, there isn’t one that has put in place compliance programs because they should do. It is because something has gone wrong to make them do it,” said Bond.
However, Bond believes large multinationals business will refuse to do business with smaller firms if they are not implementing GDPR, causing it to flow through industries.
The US money market fund reforms came into effect in 2016 and are already dramatically shaping US fund industry with investors flooding out of prime funds and into government securities. While the reforms are similar, they are not the same. GTNews interviews Yeng Bulter, global head of the cash business at State Street Global Advisors on the differences.
As the May 25 deadline for Europe’s General Data Protection Regulation (GDPR) inches closer, many treasurers are being lumped with the task of ensuring their wider company is compliant.
APIs may be a solution to MT940 challenges, says Karen Fagan, treasury operation manager, for British television company, ITV.
Kicking off day two of the Singapore Fintech Festival, Deloitte Chairman David Cruikshank said that fintech is significant for three reasons. First, customer expectations of services are higher than ever. Second, barriers to entry are lower than before. And finally, financial institutions (FIs) face a threat of what a competitor might do.