Adaptation to the General Data Protection Regulation

An Assessment of Tactical Approaches to Sellside Implementation & Compliance

This report narrates the approach that the Chief Data Officers within investment banks could take in managing the organisation’s implementation and compliance efforts associated with the EU’s General Data Protection Regulation.

Read More

Despite not being a financial markets-specific set of mandates, GDPR nonetheless pertains to capital markets-facing companies and the reams of personally identifiable information data points and personal datasets used to power their business and trading franchises on a front-to-back basis. Specifically, this report examines the implementation and compliance implications of the regulation from the perspective of the investment banking divisions of EU-based banks, regardless of their size or tiering.

The objective of GreySpark’s research around GDPR is to narrate a step-by-step explanation of how a bank could utilise best practices when using process and policy to drive implementation, compliance and – ultimately – regulatory change initiatives.

Published on: 2 May, 2018

Adaptation to the General Data Protection Regulation – Table of Contents

  • 1.0 Achieving Privacy by Design within an Investment Bank
    • 1.1 Finding & Segmenting In-scope vs. Out-of-Scope PII and Personal Data
    • 1.2 Enacting Consent Across Specific Lines of Business
    • 1.3 Operationally Enabling Subject Data Access Requests
    • 1.4 Addressing ‘Right to be Forgotten’ Requests
  • 2.0 Tactical Implementation & Compliance Approach Considerations
    • 2.1 Centralise Governance of Process & Functions at the CDO Level
    • 2.2 Process Must be Hardwired to Policy
    • 2.3 Augment Compliance through the Use GDPR-specific Vendor Solutions
    • 2.4 Automate Pseudonymisation or ‘Masking’ Functionality in Siloed Sources of Personally Identifiable Information
  • 3.0 Assessing the Long-term Organisational Enhancements Associated with Compliance
    • 3.1 Clean Personal Data, Bank-wide
    • 3.2 Improved Client Services Profiling
    • 3.3 The Maintenance of Compliance in Support of Long-term, Strategic Initiatives
  • 4.0 Appendices
    • 4.1 Glossary of Terms
    • 4.2 Table of Figure