Data is increasingly shaping society, and its regulation is evolving. Andrew Bud, CEO and founder of cybersecurity business iProov, speaks about the positives and the negatives of GDPR. Briony Richter reports.
In what is set to be the EU’s most significant data shake-up, banks and other companies will face even stricter consequences for failing to securely store consumers’ financial and personal data.
The General Data Protection Regulation (GDPR) comes into force on 25 May. From banks to governments to supermarkets, data is now at the heart of everyday operations. GDPR will override the existing Data Protection Act (DPA) of 1998.
Although similar to DPA, GDPR is more focused on strengthening data privacy. Under the new regulation, organisations across the EU, and those that process EU citizens’ data, will have to get specific and clear consent from consumers for data collection.
GDPR will give consumers back control over their personal data and harmonise the regulatory ecosystem by uniting regulation across the EU. Bud believes GDPR will positively change the industry.
He tells EPI: “The most important thing is Pan-European alignment. The challenge in the past was you had the old data protection directive, but that got implemented and interpreted differently in different countries.

“For example, in the UK an anonymous face is not considered personal data; in Germany it is. Therefore, the process is totally different in those two countries. That makes trying to build a pan-European services business extremely challenging because you’ve got two different types of regulation.
“Now, GDPR to a significant extent standardises that across Europe because it’s not a directive, it’s a regulation; that means it applies as written everywhere.”
Furthermore, similar to Open Banking, GDPR will let organisations have a greater understanding of individuals’ data. With that data, financial organisations can address the needs of consumers more accurately.
Fines
With GDPR just around the corner, banks and financial institutions have had a wake-up call for data security.
“It creates a clear framework for stewardship of personal data – to ensure that people’s data cannot be stolen or abused,” Bud states.
Personal data is shared constantly every day through multiple organisations. In the past couple of months, data breaches from Facebook and Cambridge Analytica have become the centre of attention, highlighting the urgent need for GDPR to hold companies to account.
If companies fail to demonstrate that they safely store personal data, there will be heavy fines. More notably, GDPR gives more control to the customer to hold financial institutions and other companies to account.
Bud explains: “To be fined, you have to be found to be recklessly incompetent – it specifically says that individuals can sue for damages; that’s huge. In the UK it hasn’t been possible to sue for non-monetary damages: if there was a data breach under the data act currently, you could only sue for direct monetary loss.”
If a bank or financial institution suffers a breach, it must inform the Information Commissioner’s Office immediately and take measures to minimise the damage.
iProov takes no shortcuts when it comes to protecting its systems. “We at iProov have been firm in making sure that building our systems has been done in a way that means, if we are attacked, we will know about it,” Bud explains.
The company’s strong reputation for facial biometric security has reached overseas. In April, iProov was awarded a contract from the US Department of Homeland Security.
In order to make travelling across borders more secure, iProov will support US Customs and Border Protection in improving the passenger entry operation process by utilising its facial biometric technology. The technology iProov provides will be able to detect whether the facial identification presented has been copied.
GDPR requires that every organisation demonstrates that it processes data securely and fairly. By demonstrating how data is stored and used, banks and financial institutions will be able to build better customer relationships and restore the trust of individuals in the processing of their data.
Bud highlights the standard GDPR sets for the rest of the world. “Planting the stake in the ground that demands companies to steward people’s personal data as carefully as they steward people’s money is an unmitigated good. I think the rest of the world will turn to GDPR.
“The reason that London is a huge global financial sector is that people trust the regulation here. The reason that Europe will become a huge data centre is because people trust the regulation.”
One of the key provisions of GDPR is that many things will now require consent from the consumer, but also that the consumer has to fully understand what they are agreeing to.
“Up until now it’s been possible for a company to present a consumer with, for example, a 90-page privacy document that the consumer could agree to, and that was considered consent.
“I don’t think it’s very transparent. GDPR is much stricter about saying that this consent has to be structured in a way that is informed and comprehensible.”
Bud believes GDPR offers organisations the opportunity to transform their business operations. Consumers are increasingly aware of how valuable their personal data is to businesses. However, trust has become a major issue for incumbent banks.
What GDPR can support is transparency, and that transparency should lead to an increase in trust from consumers.