Tag Archive for: GDPR

Blockchain versus GDPR and who should adjust most

| 18-10-2018 | Carlo de Meijer | treasuryXL

It has now been more than four months since the European Union General Data Protection Regulation (hereafter GDPR) came into effect. This regulation aims to strengthen privacy and personal data protection in the EU by giving private persons more control over their personal data. It also offers a uniform set of regulations for businesses with customers in the EU region, with the risk of hefty fines in case of non-compliance.

This event, however, has caused a lot of concern in the blockchain industry. At first glance some GDPR provisions seem in direct conflict with the fundamentals of blockchain technology, and may even be intrinsically incompatible with what the new European privacy rules seek to uphold. For blockchain the most controversial GDPR mandate is the “Right to be Forgotten”, giving individuals the right to request that their personal data be removed from a record. Because blockchains are decentralised and immutable, however, data cannot be deleted. Blockchains are designed to last forever. That puts blockchain in direct opposition to the GDPR.

The main question is: can ways be found for GDPR and blockchain to co-exist? Can blockchain work properly in tandem with the new GDPR regulations without harming its fundamentals? And how should regulators react?

EU General Data Protection Regulation (GDPR): what does it mandate?

The General Data Protection Regulation (GDPR) is a far-reaching privacy legislation that is designed to enhance the protection of personal data and give individuals in the EU greater control over their own data. The GDPR is requiring not only transparency into what companies will do with consumer data, but also mandating clear consent mechanisms to ensure that consumers understand what companies are sharing, with whom, and for what purpose. GDPR thereby regulates the collection, processing, transfer and retention of every EU citizen’s personal data, requiring companies to provide visibility and control to individuals, on demand. Non-compliance with GDPR can result in heavy fines.

GDPR however has a number of key provisions that could heavily impact blockchain.

Read the full article of our expert Carlo de Meijer on LinkedIn

 

Carlo de Meijer

Economist and researcher

 

GDPR: From compliance headache to business opportunity

|24-07-2018 | Reuters | treasuryXL |

The Information Commissioner’s Office has described the new GDPR laws as “the biggest change to data protection law for a generation”. Businesses will face a maximum fine of up to £17 million or 4% of global turnover, if they breach the EU rules. These are critical, but turbulent times for businesses across Europe. However, if organisations of all sizes play their cards right, GDPR can be transformed from a compliance nightmare, into a business advantage.

Competitive advantage

“General Data Protection Regulation is generally seen in a fairly negative light, particularly by organisations. But I think there is a huge opportunity to differentiate services based on trust. The consumer gains from interaction with any institution,” according to Managing Director and Data Protection Officer at Barclays, Jon Rees. He adds: “Our recent research has shown that the number one concern – across many different demographics and usages – is security of customer information, and how it’s being used. There’s a competitive advantage to be had by applying GDPR in a positive way.”

Consistency by design

As a ‘complex corporate’ itself, Barclays has seen another major benefit of GDPR, and that’s the obligatory enforcement of good practice and consistency by design across organisations, in terms of the harmonising of data systems. While it’s still early days, transparency is fast-becoming the buzzword of GDPR’s inaugural year.

Consumer confusion

There are, predictably, some areas of confusion that are emerging, especially for consumers – in part accelerated by miscommunication. People are confused about what their individual rights are when it comes to personal data and consent, and right to deletion. Some are interpreting consent as: ‘unless I’ve given a firm my approval, it has no right to use my data’. While this is not correct, the lack of understanding is unsurprising, given the complexities of GDPR and it being in its infancy. However, this is where businesses can once again shine. Those that are helpful, and offer clear communication with their consumers on GDPR, will come out on top as trustworthy brands that always put the customer first. A more consumer-centric approach is, after all, at the heart of GDPR.

Visit the website of Reuters to read the full article.

 


GDPR and its effects on the bottom line

| 15-02-2018 | treasuryXL |

On the 25th May 2018, GDPR – regulation by the European Union – will come into effect. It requires any company that does business within the EU to protect the privacy relating to the data held on consumers, as well as restricting the types of data that can be collected. Obviously, this will mean extra expense for companies as they have to invest in systems and procedures to meet their obligations. However, a recent report by Deutsche Bank has shown that the implications of implementing GDPR could also have an impact on revenue.

At present, large companies like Facebook and Google collate data about their users. This data is mainly used to present advertising to the individual, based on analysis of the data, such as where they have clicked. The scope of GDPR is very large and such large companies would not be able to deny access to their users if they decide to opt out of data use.

GDPR defines a principle of purpose limitation. This states that personal data must only be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. This could impact on the revenue stream of such companies.

Google receives approximately 33% of their revenue from Europe. Deutsche Bank concluded that if 30% of European users opted out of data sharing, this could affect revenue by 2%. Google and Facebook receive around 75% of all online advertisement spending.

At the same time, research suggests that a quarter of a billion news site readers have already installed ad-blockers.

The effects on revenue for websites that actively use data supplied by the actions of their users is difficult to quantify, but it will have an impact. Companies will have to look closely at their projected revenue from online advertising and ask if the figures are too optimistic in the light of this legislation.


 

Update Fintech Belgium Summit 2017

| 29-12-2017 | François de Witte |

On 14/12/2017, Fintech Belgium organized the 2nd Fintech Belgium Summit, a one-day conference to discover the deep innovation, technological and societal impact FinTechs have on our world. There were over 500 participants, and this was a good opportunity to meet all the stakeholders in the Belgian Fintech ecosystem.

Main messages gathered from the workshops

The first stream focused on the regulatory side. PSD2 and GDPR will have a high impact on the market in 2018. There has been a request to better harmonize the legislation in these areas. Even in the PSD2 domain, the latest version of the RTS on SCA and Secure Communication still contains some blind spots. Another recommendation is that the authorities set up a competence center to assist the FinTechs in navigating the myriad of regulatory frameworks.

The 2nd stream focused on the innovation impact: How has the financial industry reacted to innovation? Make, Buy, Join or Break… One of the main issues encountered by the banks is that the profiles of their people are not adapted to innovation, and hence large HR and educational efforts will be required. Banks will have to adopt flat and member-centric organizations to become more agile and data driven.

The testimony of Resolut clearly demonstrated the power of new entrants in the arena, enabling companies to drastically reduce the cost to access banks. However, some banks are also starting interesting initiatives in this area, with forefront runners such as BBVA, Nordea, Deutsche Bank, Hello Bank, ING (ylot) and Fidor.

In the afternoon, there was an interesting workshop on open banking with BNP Paribas Fortis, Baker McKenzie and Ibanity focusing on the new ecosystem, where some banks will position themselves as API producers, focusing on their unique value propositions, whilst others will position themselves as API consumers, offering aggregated services and acting as “matchmakers”. Marc Lainez, CEO of Ibanity, mentioned that FinTechs are not a threat to banks. The real competition for the banks is the GAFA. Hence banks and FinTechs need to work hand in hand to develop new solutions.

The conference finished with a stream dedicated to the technological impact. Blockchain and cryptocurrencies were high on the agenda. There was a clear consensus that Blockchain technology will be leading, also for Regulators. A lot of use cases were mentioned, e.g. in the area of trade finance and the document handling. Regulation will be key to further increase the adoption of this new technology. On the ICO (Initial Coin Offering) the opinions were more mixed, as there are quite some challenges to overcome, such as the setup of supervisory controlling institutions and the volatility of the cryptocurrencies.

Conclusion

This conference was a good forum to get an insight into the Belgian FinTech market. I saw a lot of interesting initiatives, and am a strong believer in the increased cooperation between banks and FinTechs, the so-called Fin-Integration. 2018 will be challenging for all of them.

François de Witte – Founder & Senior Consultant at FDW Consult and Senior Expert – Product, Business development and sales manager at Isabel Group

 


2018 new regulations – collaboration between corporate treasury and internal departments

| 27-12-2017 | treasuryXL |

Collaboration

2018 is looking to be one of the busiest years for new regulations. Among the new regulations will be MIFID II – which will have an effect on many different aspects of trading; PSD2 – which will allow agreed third parties to access your bank accounts; GDPR – which defines our rights to have our personal data deleted and how personal data is stored; BEPS – which aims to reduce the movement of profits to more tax efficient locations and will affect internal reporting; IFRS9 – which brings new rules for hedge accounting. All these new regulations will require collaboration between many departments – not just treasury.

Information and Knowledge

To be able to work together, and improve existing efforts at collaboration, there must be a free flow of information and knowledge to all stakeholders. This will entail storing all relevant data in a centralized point with access for all stakeholders, whilst meeting the security requirements as to who can view, edit and contribute the information. By sharing the information, a mutual respect of the needs for each department can be better appreciated and existing inter-departmental walls can be torn down.

Define tasks and workflow

In any project environment, managing the workflow and monitoring all the requests can be labour intensive and time consuming. Requests need to be managed with a clear structure and be transparent to all participants. Tasks need to be assigned and workflow needs to be consistent, allowing everyone to see the status of all work activities. This should increase efficiency within the group and allow for good quality control, ensuring that all work complies with the regulations.

Risk awareness

Whilst one department might own the project, assessing potential risks should be actively promoted within all departments. Participants should be encouraged to identify risks and announce them. Sometimes, a solution can come from another department – perhaps they had encountered a similar problem in another project. If a risk is detected, sharing it with others can lead to a quicker solution.

Feedback

By reporting constantly on the progress within the project to everyone, it allows others to follow its progress whilst also enforcing on them a need to also supply constant updates. When all information is held at one point and only distributed in a collated form once every so often, collaboration can quickly slow down as it becomes unclear to everyone what the value of their contribution is to the group. By publishing data regularly and assigning permission levels and access rights to everyone, they are also able to retrieve information when they need it – leading to a greater feeling of being a part of the project.

Recognition

Realise and acknowledge the contribution of all participants – both as departments and individuals. Try to learn from mistakes and understand that your needs as a treasury department are not always clearly understood or known within the rest of the organisation. Explain the benefits that can be achieved – less time spent on time consuming issues, clarity of data, better reporting and compliance standards, monetary savings etc.

Implementing new regulations via technology can lead to greatly increased collaboration between internal departments. This can include more intensive daily contact, better ability to identify risks, taking decisions that increase efficiencies for the company, and fostering a more open and healthy relationship with colleagues outside your own department. Successful projects can empower people to seek solutions that deliver positive change.

True collaboration will enable you to achieve results, accelerate delivery, create value and add strength. So, whilst 2018 is a challenge with all the new regulations, the potential results via collaboration can be seen.


GDPR and its effect on your business

| 24-10-2017 | treasuryXL |

As if the finance industry is not already facing enough challenges swimming through the sea of regulatory acronyms – BASEL iii, EMIR, MIFID ii, SOX, KYC etc. – a new directive is due to come into force on the 25th May 2018, namely GDPR.

GDPR (General Data Protection Regulation) is an EU directive concerning personal data of EU residents that is held by companies. It is intended to give EU residents more control over their personal data by dictating how that data is held by companies. Any data that could be used to determine the identity of an individual must comply with GDPR. Furthermore, the definition of personal data has been expanded from the usual name and address information to include such things as IP addresses, cookie data, photographs, minutes from a meeting where people are named etc.

The law states that any company that stores or processes personal data about EU citizens within EU states must comply with GDPR. Main criteria for compliance include:

  • A presence in any EU country
  • No presence in the EU, but processes personal data of EU residents
  • More than 250 employees

At first glance most small businesses would be exempt, but there is a provision in Article 30 that shows this is not completely true. The following explanation has been externally sourced:

The only time the articles allow concessions for organisations with fewer than 250 employees is in Article 30 – Records of processing activities. Most organisations will have to maintain a record of processing activities that contains the name and contact details of the controller, the reason for the processing, a description of the type of personal data or category being processed, how long the data will be kept before it will be deleted, and some other requirements.

 Point 5 of Article 30 states that the requirements will not apply to an enterprise or an organisation employing fewer than 250 persons unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories. Therefore, a company that processes data on a regular basis or processes special category content such as racial, political or genetic (and others listed in Article 9) material, even if quite small, will not be excluded from this requirement.

Source: https://www.fsb.org.uk/first-voice/act-now-to-comply-with-new-gdpr-rules

Even sole traders hold data, not just of other companies (trading partners) but also of individuals. A sole trader might think that the law does not apply to them, but a more prudent approach would be to review all data held. Data can be held in a myriad of locations:

  • Hard drives
  • USB sticks
  • Dropbox
  • Cloud
  • Evernote
  • WhatsApp

Having discovered all the data that you hold on others, it is then necessary to design a method to protect that data. Just applying password protection to your computer is not enough – additional security can be provided by encrypting data.

The rights of the individual are clearly defined by GDPR – these include:

  • The right to be informed
  • The right to restrict processing
  • The right to refuse to become a data subject
  • The right to be forgotten
  • Data portability

The penalties for companies failing to comply with GDPR and failure to disclose data breaches include fines equivalent to 4% of global annual turnover for the preceding financial year or EUR 20 million, whichever is the greater.

What can you do to prepare for GDPR?

All companies that handle client data have a duty to protect that data. That means you need to locate, identify, control and delete data if so requested by the individual. Furthermore, individuals have the right to know how and why companies are using their personal data and if that data is shared with any third parties.

This means starting with a thorough examination to find and identify all third party data that you hold and why. This data then needs to be examined and protected. Data should be held at 1 primary source – ensure data is not duplicated. Clients need to be informed of the data you hold on them.

Whilst this is a considerable challenge, there is a potential advantage to be gained from clients knowing that you are complying, which could lead to a rise in the trust they have in you and your organization.

Remember – you only have about 150 working days left to implement!!