blog from Appway

The new normal: a GDPR preparation checklist for banks

It’s time to face the music: the General Data Protection Regulation (GDPR) is about to be very real

Share this resource

Guiding digital transformation at institutions worldwide

View Solution Provider Profile

Connect with Appway


Regulatory Reviews for Wealth

Regulatory Reviews for Wealth enables a data-driven orchestration of the compliance process that provides a holistic overview of clients. Regulatory reviews are expedited due to data centralization and the monitoring of internal tasks, which are assigned according to priorities. Compliance experts can design the review process and meet deadlines with the...

view solution
by Appway
| 19/04/2018 16:07:06

By Chiara Gelmini, Business Practice Manager, Appway

With only a little over a month to go, it’s starting to sink in that the GDPR is right around the corner and that it’s no longer ‘that law going into force at some point in the distant and hazy future’ but is now ‘that law that’s becoming a reality.’ On May 25th, after a two-year transition period since it was first adopted, GDPR will become enforceable. Tons of time, energy, and attention has been spent trying to put the requirements of this regulation into the right words.

Despite all of this preparation and even with the impending deadline to comply looming in the very near future, the big question that many financial institutions are still facing is, “Are we ready???”

To answer this question, organizations need to evaluate how compliant they currently are with GDPR. Here's a 4-step checklist, based on ICO (UK Information Commissioner's Officer) guidelines, to help determine GDPR maturity:

Lawfulness, fairness, and transparency
o Did your firm complete a data flows analysis into, across, and out of your institution?
o Did your firm complete a review of consent for first-time requests and for their continuous management?

Individual rights
o Does your firm have processes in place to respond to the following rights: right to be informed, right of access, right to rectification, right to erasure, right to restrict processing, right to data portability, and right to object.

Accountability and governance
o Does your firm have a data protection policy statement to show accountability?
o Does your firm have data protection training for staff?
o Did your institution complete a business impact analysis of personal data-connected risk?

Data security, international transfers, and breaches
o Does your firm have an information security policy statement which explains that you process personal data with the right level of security?
o Did your company put an effective process in place to spot, assess, and address data breaches? 


“The state of GDPR-readiness in Europe. A consumer perspective” iWelcome Feb. 2018

It’s obvious from the above figure that, as of two months ago, some European companies weren’t yet compliant with GDPR. In fact, GDPR readiness hasn’t changed much since November of last year until February 2018, according to iWelcome’s study, “The State of GDPR-readiness in Europe.” This means that either GDPR maturity in Europe will not be where it should be by the end of May or the region will catch up and meet the requirements over the next weeks.

As the figure highlights, organizations are still struggling to keep up with regulatory change. In order to adapt to and use the strategic innovation potential of these shifts in regulation, it’s becoming clearer by the day how important it is to integrate policies and procedures into future-proof, flexible, and holistic tools. This will enable organizations to streamline data and enforce rules, checks, and security with less effort and costs involved, therefore freeing up resources to support the business in taking advantage of regulatory changes.


Appway's GDPR Infographic: 3 Steps Banks Can Take to Leverage the New Law