The reason everyone is talking about digital compliance is that from 25 May 2018 any organisation that fails to comply with the EU General Data Protection Regulation (GDPR) faces heavy fines. Designed to give individuals in the EU stronger data-privacy rights, the regulation has been described by the EU as “the most important change in data privacy regulation in 20 years”.
Digital compliance has already had a significant influence on the financial services market. In force in the EU since November 2007, the Markets in Financial Instruments Directive (MiFID) was designed to protect investors. In the years since, the four big UK banks have paid $75 billion in penalties and 20 global banks $235 billion in fines. Once GDPR applies, however, organisations face fines of up to €20 million or 4% of their annual worldwide turnover for the preceding financial year, whichever is higher.
How does digital compliance affect your business?
These are the main provisions of the GDPR that will affect your digital channels:
- Data protection by design and by default (Article 25): privacy must be built in from the start of a product or service. Data protection has to be part of the design of systems, with the most privacy-friendly settings applied by default, rather than bolted on later.
- Consent: where consent is the lawful basis for processing, businesses must be able to demonstrate that they obtained it, and it must be freely given, specific, informed and unambiguous. Consent is only one of six lawful bases, but it is the one most digital channels rely on, and it can be withdrawn as easily as it was given.
- Right of access: on request, businesses must provide the individual with a copy of their personal data, free of charge for the first copy and in a commonly used electronic format where the request was made electronically, without undue delay and at the latest within one month (extendable by a further two months for complex or numerous requests).
- Right to erasure (the “right to be forgotten”): the individual can require the business to erase their personal data without undue delay where one of the grounds in Article 17 applies (for example the data is no longer needed, or consent has been withdrawn), and to stop further dissemination of it. The right is not absolute: legal retention obligations and similar exemptions still apply.
- Data portability: the individual has the right to receive the personal data they provided in a structured, commonly used and machine-readable format, and to have it transmitted to another business where technically feasible.
How will businesses have to manage their data?
The implications of GDPR are far-reaching. Glassbox has written a white paper explaining how digital compliance will affect the management of your digital channels.
This is a summary of the key points:
- Records of every customer session or online interaction must be kept in a form that is secure, timestamped and tamper-evident.
- Every session on a business’s website or app will need to be recorded and, where necessary, replayed to check whether it contains personal data.
- Data from each session must be retained only for as long as it is actually needed for the purpose it was collected. GDPR’s storage-limitation principle means that indefinite retention is itself a compliance failure, so every record needs a defined retention period.
- Businesses must be able to retrieve immediately every session linked to a given identifier (IP address, surname, postal address), including sessions that were abandoned before completion.
- Businesses must be able to find, extract and export individual sessions on request, in a machine-readable format.
- Businesses must be able to mask sensitive fields so that personal data is visible only to the staff who need to see it, with access to the unmasked data logged.
- Data must be stored securely. GDPR does not prescribe on-premises or “big data” storage; it requires appropriate technical and organisational measures (encryption, access control, audit logging) and a lawful basis for any transfer outside the EEA, so the storage location matters less than who can reach the data and how that is controlled.
- A free-text search across sessions, so that every record about an individual can be located when they exercise their right to erasure.
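The list above reads as a specification for a session-record store: tamper-evident, searchable by subject identifier, exportable, maskable by role, and erasable without breaking the audit trail. The following is an added illustration of how those properties fit together; it is not Glassbox code and uses only the Python standard library. Tamper evidence comes from a SHA-256 hash chain over per-record commitments; subject lookup uses an HMAC pseudonym of the identifier so the index itself holds no raw personal data; erasure deletes the record payload and its salt while the chain keeps only the commitment, so the chain still verifies after a deletion. The field names, the `MASK_ROLES` set and the session dictionaries are assumptions made up for the example.

```python
"""Tamper-evident session store with role-based masking, subject lookup,
export and erasure. Illustrative code, not a product implementation."""
import hashlib
import hmac
import json
import os
import time
from typing import Dict, List, Optional

# Assumed field names that identify a data subject (adjust to your schema).
PII_FIELDS = {"email", "surname", "address", "ip"}
# Assumed roles allowed to see unmasked personal data.
MASK_ROLES = {"dpo", "auditor"}
GENESIS = "0" * 64


class SessionStore:
    def __init__(self, index_key: bytes):
        self._index_key = index_key            # secret for the pseudonymous index
        self._chain: List[Dict] = []           # append-only commitments, never deleted
        self._payloads: Dict[int, Dict] = {}   # seq -> {"salt", "data"}; erasable
        self._index: Dict[str, List[int]] = {} # HMAC(identifier) -> [seq, ...]

    def _subject_tag(self, value: str) -> str:
        # Normalise so "Ann@Example.com" and "ann@example.com" index together.
        norm = value.strip().lower().encode()
        return hmac.new(self._index_key, norm, "sha256").hexdigest()

    @staticmethod
    def _commit(salt: bytes, data: Dict) -> str:
        # Salted hash of the canonical JSON; without the salt, low-entropy
        # fields (an IP address, a surname) cannot be brute-forced from it.
        canon = json.dumps(data, sort_keys=True, separators=(",", ":")).encode()
        return hashlib.sha256(salt + canon).hexdigest()

    @staticmethod
    def _link(seq: int, ts: float, prev: str, commitment: str) -> str:
        return hashlib.sha256(f"{seq}|{ts}|{prev}|{commitment}".encode()).hexdigest()

    def append(self, session: Dict, ts: Optional[float] = None) -> int:
        seq = len(self._chain)
        salt = os.urandom(16)
        prev = self._chain[-1]["hash"] if self._chain else GENESIS
        commitment = self._commit(salt, session)
        ts = time.time() if ts is None else ts
        self._chain.append({"seq": seq, "ts": ts, "prev": prev,
                            "commitment": commitment,
                            "hash": self._link(seq, ts, prev, commitment)})
        self._payloads[seq] = {"salt": salt, "data": session}
        for field in PII_FIELDS.intersection(session):
            tag = self._subject_tag(str(session[field]))
            self._index.setdefault(tag, []).append(seq)
        return seq

    def verify_chain(self) -> bool:
        """True if every link is intact and every surviving payload matches its commitment."""
        prev = GENESIS
        for entry in self._chain:
            expected = self._link(entry["seq"], entry["ts"], prev, entry["commitment"])
            if entry["prev"] != prev or entry["hash"] != expected:
                return False
            payload = self._payloads.get(entry["seq"])
            if payload is not None and self._commit(payload["salt"], payload["data"]) != entry["commitment"]:
                return False
            prev = entry["hash"]
        return True

    def find_by_subject(self, identifier: str) -> List[int]:
        """All surviving sessions tied to an email, surname, address or IP, completed or not."""
        seqs = self._index.get(self._subject_tag(identifier), [])
        return [s for s in seqs if s in self._payloads]

    def view(self, seq: int, role: str) -> Dict:
        """Return a session with personal fields masked unless the role is allowed to see them."""
        data = dict(self._payloads[seq]["data"])
        if role not in MASK_ROLES:
            for field in PII_FIELDS.intersection(data):
                data[field] = "***"
        return data

    def export_subject(self, identifier: str) -> str:
        """Machine-readable copy of everything held about one subject (access / portability)."""
        records = [self._payloads[s]["data"] for s in self.find_by_subject(identifier)]
        return json.dumps(records, sort_keys=True)

    def erase_subject(self, identifier: str) -> int:
        """Delete payloads and salts for a subject; the chain keeps only opaque commitments."""
        seqs = self.find_by_subject(identifier)
        for s in seqs:
            del self._payloads[s]
        self._index.pop(self._subject_tag(identifier), None)
        # Record the erasure itself as a chained, PII-free event.
        self.append({"event": "erasure", "count": len(seqs)})
        return len(seqs)
```

The design choice worth noting is the split between the chain and the payloads: a plain hash chain over the records themselves would make erasure and tamper evidence mutually exclusive, because deleting a record breaks the chain. Hashing a salted commitment instead lets the record be destroyed while the chain stays verifiable, and deleting the salt alongside the data is what prevents the retained commitment from being reversed.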
At the end of the day, businesses must meet the requirements of the GDPR while also improving the website customer experience, reducing disputes and strengthening overall regulatory compliance. However regulations evolve across industries, the digital customer experience will be transformed. The businesses that start changing their digital data management and customer-experience optimisation now will be the ones that avoid heavy fines.
Your company can take many steps to make sure it meets compliance standards, both internal company policies and international regulations such as GDPR.
- Train all employees on the compliance policies and what they involve: which data they may access, when they may access it, how much of a customer’s data they may see and, in the case of GDPR, what they are permitted to erase.
- Be prepared. Plan what you will need for any audit and make sure you know where the relevant information is, how to retrieve it, and who within the company may access it. Periodic checks also give you the chance to find any gaps you missed earlier.
- Think you are missing something? Now is the time to talk to experts and contact people who have the answers you lack. Don’t hesitate to make the connections you need to remain compliant; not doing so could cost you later.
Digital compliance solutions are not only for legal purposes but also for the peace of mind of your customers. Taking preventive steps to protect users’ data reassures them that they can complete transactions without worrying that their information is at risk. Treating compliance as a first-class security requirement is essential to an effective long-term risk management strategy.