Impact Note: GDPR
- Date:October 18, 2017
- Author(s):
- Test
- Sean Sposito
- Research Topic(s):
- Cybersecurity
- Fraud & Security
- PAID CONTENT
Overview
On May 25, 2018, when the European Union’s landmark General Data Protection Regulation (GDPR) is scheduled to take effect, few, if any, financial institutions will be confident they’re in full compliance, here or abroad. The sweeping mandate — containing 99 articles and 173 recitals — basically covers everyone who resides in the EU.1 It also protects a broader set of personal data beyond the Social Security numbers, dates of birth, and addresses that are usually considered personally identifiable information in the United States. In the context of GDPR, personal data2 are defined as “any information relating to an identified or identifiable natural person.” That may include IP addresses; “social media posts; photographs; lifestyle preferences; and transaction histories” — regardless of format, digital, paper, audio, or otherwise.3,4 In short, FIs should assume that GDPR could potentially cover all of the data it stores on behalf of its customers and employees — especially dual citizens and overseas website visitors.
Learn More About This Report & Javelin
Related content
2024 Identity Protection Services Provider Scorecard
Javelin Strategy & Research’s assessment of vendors in the identity protection services (IDPS) market revealed clear pacesetters overall, led by Best in Class winner Equifax, and a...
Privacy and KYC Requirements: Navigating the Labyrinth
Data privacy and security are hot-button issues for consumers and regulators. FIs must balance consumer privacy with the need to collect information for regulatory compliance. Furt...
Customer Contact Centers: Heroes in Cybercrime Remediation, Fraud Prevention
Criminals increasingly use cyberattacks and scams to target consumers, and FI call centers are often relied upon for victim assistance. The key will be FI customer-oriented contact...
Make informed decisions in a digital financial world