Tom Ivell, Partner at Oliver Wyman
Tom Ivell is a partner at Oliver Wyman, based in the firm’s Zurich office. He manages Oliver Wyman’s European Conduct, Compliance, and Non-Financial Risk offering.
As the volume of data being generated about individuals increases, technology is making it ever easier for that data to be transferred, and ever more powerful analysis allows valuable insights to be gained from it. How companies collect, process and protect data on their customers, staff and suppliers has turned into one of the biggest debates of our decade.
On the one hand, digitization brings opportunity: to enhance the customer experience, to drive down costs, and to create new business models that make use of digital assets. On the other, digitization creates a raft of new threats, whether from competitors who use their own digital assets to disrupt existing businesses, cybercriminals able to steal or “spoof” digital identities or fraudsters who infiltrate the digital economy to perpetrate large-scale financial crime.
The General Data Protection Regulation (GDPR), due to go into effect in May 2018, is one of the European Union’s legislative responses to this development. GDPR sets a common standard for how firms that operate in the EU should protect the personal data of their customers, employees and suppliers. From 2018 onward, individuals will have a range of rights that give them greater control over their data (such as the “right to erasure,” also known as “the right to be forgotten”), while firms will face new obligations (including capturing and recording unambiguous consent for use of personal data).
The more data a firm collects, processes and shares with other data controllers, the more significant these requirements become. Financial services firms typically serve thousands, if not millions, of clients, deal in complex products that require access to customer data and frequent customer interaction, and often employ a large and geographically dispersed workforce.
Financial services are also beset with a number of historical challenges, including:
Financial firms now face the task of reaching regulatory compliance in the short term while preparing themselves for the privacy requirements of the future. This end state can be achieved in manageable, logical stages, as outlined in the above graphic.