GDPR: Countdown & conjecture
Our whitepaper highlights five themes in terms of the challenges and opportunities 2018 poses for financial services.
The GDPR aims to harmonize European member state privacy laws but will also introduce sweeping powers for regulators and, in turn, comprehensive enterprise risk and fines similar to those for breaches of anti-trust and competition law.
Not surprisingly, media and industry commentators are paying close attention, with inevitable countdowns to the May 25 deadline and conjecture about regulators making early examples to show their ‘new teeth’.
Paysafe’s latest Whitepaper, 2018’s legislative trifecta: Changing the face of e-commerce, explores the three intergovernmental regulations and mandates that will change the face of data security and customer privacy in 2018.
The Whitepaper highlights five themes in terms of the challenges and opportunities 2018 poses for financial services.
1) Privacy and Data Protection: more than just security
Focusing on security without privacy would be like having a house made of bullet-proof, transparent glass. Sure, no one will get inside, but your personal life is still on display to all. In the modern era of user-centered e-commerce and connected business, security of data and systems as well as wider customer data privacy must be managed holistically.
2) At the compliance coalface
- Proactive proof of compliance: Organisations will need to establish and maintain evidence logs in readiness to submit to regulators in the event that a complaint is made against them. The evidence required going forward may include any ongoing reviews or quality assurance and updates to compliance measures, maintenance of breach registers, data flow maps to show where personal data are held and transferred, and accountability registers for risk owners so that individual business leaders within your organisations, responsible for processing personal data, can demonstrate compliance with the requirements by taking a ‘privacy by design’ approach.
- Breaking old habits: The “But we’ve always done it that way” excuse will not cut it under the GDPR. One of the greatest challenges may be education and awareness among those functions, such as sales and marketing, that need to adjust tried and tested strategies and plans to ensure compliance past May 25.
3) Special category data
Under the GDPR, biometric data will be classified as ‘special category data’, meaning privacy, identity and security will be critical to the next generation of data-driven businesses. Where biometric data is to be collected, careful consideration must be given to the implications of a data breach in which the very essence of an individual, their uniquely personal identifiers, is lost or in some way compromised.
4) Frictionless payments: A convenience vs security conundrum
The increasing adoption of biometrics as a default payment mechanism and the deeper penetration of digital identity technologies are paving the way for frictionless payments to become a full-blown reality.
As Paysafe’s Lost in Transaction research report found, the balance between frictionless payments and robust security measures is a delicate one. The convenience versus security conundrum will continue to challenge business leaders looking to capitalise on the anticipated lift in global e-commerce revenues from $1.3 trillion in 2014 to $4.5 trillion in 2021.
5) Levelling the playing field for SMBs
In most modern economies, small and medium-sized businesses (SMBs) now drive a substantial portion of revenues, and governments are aligning both growth programmes and tax regimes to accommodate this economic shift. The implementation of the GDPR, e-Privacy Regulations and PSD2 Directive is intended to make trading easier for SMBs and to stimulate growth in this sector.
Being small is less of a disadvantage in today’s digital world. Indeed, SMBs are often more agile and able to react in a more timely manner to data-derived insights than their larger counterparts.