For many organisations big data presents challenges and opportunities. No more so than in the financial services sector where the regulatory landscape provides an additional level of complexity. Many FS institutions are so overwhelmed by legislative requirements that they have few resources left to exploit their data for profitable ends.
If your organisation feels like it’s constantly fire fighting, dealing with new regulations and ever evolving cyber threats, focused purely on protecting data – not using it proactively – you’re not alone. Regulatory compliance milestones this year include GDPR (the EU’s General Data Protection Regulation) and PSD2 – now in force – but it’s inevitable that there will be more regulatory change in the future, as a response to new cyber threats and risk.
FI institutions and specifically those responsible for securing data need to prepare for change and ensure they have access to the right skills to protect their business operations; and to future proof data protection strategies so they can adjust to future changes in legislation.
GDPR: An Opportunity?
Of course, you already know that. But knowing it and acting on it, are two different things. Many firms deal with data protection and regulatory change with bolt on solutions. First they attempt to protect data with perimeter solutions such as firewalls and monitoring systems, and then bring in reinforcements when vulnerabilities are detected.
It’s widely accepted that this approach doesn’t work, especially when it relies on vulnerabilities being detected before they can be shored up. It can be months, even years, before an intrusion is detected, and the vulnerability subsequently patched.
Instead a data-centric approach that focuses on understanding the risk associated with specific data and protecting it with the right tools and procedures, is a much more effective way to protect sensitive and valuable information. GDPR could actually help your organisation do this. It sets out to protect personal data by having systems and policies in place that questions what personal data is being collected and stored, and then meet requirements to protect it based on the sensitivity of the data.
The opportunity is that with a data-centric approach, organisations are in control of the data they do handle and can then be confident about using it in a compliant way. Moreover, it allows organisations to build trust with consumers that their personal data is in a safe pair of hands.
Having a data-centric approach also means that when new regulations are introduced it is much easier to identify what data is affected and how to respond quickly to changes in the regulatory landscape. Putting in place systems now that allow your organisation to be flexible and responsive, will help future proof your data protection and cyber security processes, and compliance strategies.
Some crystal ball gazing may be in order too, to predict what future regulations might look like and what threats and challenges these will be designed to legislate against. For this your organisation needs the right IT and security skills, and sector specific expertise.