GDPR - are you really ready?

Many banks have been working hard to ensure they are in a position to comply with the General Data Protection Regulation (GDPR) – a regulation driven by the EU with a global reach. GDPR has a broad scope for protecting personal data, with far-reaching consequences in terms of 'extra-territoriality'. It has every potential to hit firms with punitive fines for breaching guidelines – up to 4% of annual revenues.

Gaining awareness of GDPR and its implications worldwide is expected to be highly challenging for non-EU-domiciled firms, which may have clients or staff who are EU citizens. Even though many firms will be affected by GDPR, awareness levels unfortunately appear to be very low outside the EU, not only of the regulation itself, but also of its requirements and the complexity it will add to business processes.

There are also differences between the underlying emphasis of US and European legislation in this area. The EU focusses predominantly on the rights of individuals, whereas US regulation focusses on the rights of companies to process and manipulate users’ personal data. ‘Safe harbour’ has already been rendered obsolete and working through the contradictions in rules will be challenging.
