GDPR – Our Experience

The General Data Protection Regulation (GDPR) dramatically changed the data protection landscape for EU businesses and citizens when it came into effect on May 25, 2018. This new regulation has superseded the Data Protection Act (DPA) of 1998 and has strengthened data privacy in the EU. Personal data held by organisations on EU citizens is now subject to a strict compliance regime that gives these citizens control over their personal data, the justification for holding the data and the right to erasure or rectification of that data.

The arrival of these regulations was at first seen in the financial services industry as yet another burden on top of the already seriously onerous regulations being relentlessly piled on this already over-regulated sector. It seemed that this was the final blow in a death by regulation saga. Indeed it may well be that for some businesses. It all hinges on the ability an organisation has to move with these seismic changes and reinvent itself as a business set to survive in this futuristic landscape.

At DM Europe, having overcome the initial shock, we started to plough through the regulation, as one does, in order to understand what made these rules tick and how we were going to apply them to our organisation and data subjects. I will not pretend that this was easy or even enjoyable, but it was extremely useful and with unintended advantages. I will share our insights and realisations as we went through this process in the hope that it will give you confidence that you can indeed turn GDPR into an asset.

1) Lean and mean data systems

It all started with a review of the personal data that we held on clients, where it was held in the company and, importantly, the purpose for which it was held. This data was both paper-based and electronic. We realised that we had legacy and residual data that was not useful. This led to a major rationalisation of our paper and electronic files and a review of all our databases, bearing in mind statutory document retention regulations. At the end we were left with lean and mean data systems and a much clearer understanding of why and for whom we were holding all this personal data.

2) Greater client confidence

We did not rush into the acquisition of tailored GDPR software, partly because of our own in-house capabilities and also because the benefit did not justify the cost. We reviewed our IT systems with a view to ascertaining that they were robust enough to keep the data safe from unauthorised intrusions. Our customers are also now aware of our GDPR privacy policy. Both these factors have given our clients more confidence in our organisation as guardians of their personal data.

3) Reduced data maintenance costs

Complying with the GDPR has helped our organisation cut costs by prompting us to archive any data inventory software and legacy applications that are no longer relevant to our business. We have streamlined data so that as far as possible this is not duplicated across our systems. As a result of this, we have saved both physical and electronic storage costs. Simpler and more frugally held data has surprisingly translated into quicker and less complicated communication with our clients.

4) Moving with the times

We have been in business for over 30 years and, like all businesses of long standing, we do sometimes need a nudge or perhaps a push to move with the times. There is no doubt that the onslaught of regulation of the past few years has motivated us to keep up with the times and strengthened our resolve to remain relevant to our clients in the wake of all these changes.

5) Embracing change

Change is hardly ever welcome but it is a fact of life. We have always thought that as an organisation we were good at managing change. The implementation of EU regulations in our financial services industry in recent years has certainly put us to the test. We can expect that the onslaught of EU regulation will continue for the coming three to five years. Not knowing, or even being able to predict, what the financial services landscape will be like in any foreseeable future means that we can only recommend solutions to clients that are relative. Solutions, however, that are based on the fundamental principle of transparency and ones where a client’s corporate and personal planning support and reinforce each other.