Call Accounting Featured Article

Flora, Fauna & GDPR Compliance

  By Paula Bernier, Executive Editor, TMC

It’s been more than two months since the European Union’s General Data Protection Regulation went into effect. But many businesses are still grappling with what GDPR compliance looks like. However, some are coming up with some pretty interesting ways to address it.

The challenge is that ensuring personal data privacy under the EU’s new requirements is a complex and multifaceted task. And organizations within and beyond the union that touch EU citizen data are not sure what exactly those who police GDPR compliance might be looking at.

In any case, it’s important for any organization to deals with personal data from EU citizens to get to work on GDPR compliance. Those that don’t stand to face big fines – up to 4 percent of their company’s global revenue.

As the ABA Banking Journal reports, Donna McPartland suggests businesses start out by conducting a privacy risk assessment.

“They need to look at the data that they have for their customers, and see [how many] of their customers are in the EU and if they are regularly doing business with and/or marketing to them,” said McPartland, counsel in the privacy, cybersecurity, and data protection practice at Arent Fox (News - Alert) LLP in Washington, D.C. “That’s going to be an indicator as to whether or not this law applies to them.”

She added that banks also must take care in how they market and present themselves on the Internet. “Let’s say you’re doing target-based marketing, using IP addresses to monitor who is using your site and then providing marketing to those individuals,” she said. “That monitoring activity could potentially implicate you if you are targeting and monitoring EU data subjects.”

Meanwhile, in this blog, Herb Kelsey, managing director of Cognitive Strategies, comments: “Security leaders must look beyond the superficial elements – updating privacy policies, improving reporting procedures, etc. – to see that the technicalities are very unique and specific.”

As American Banker reports, Dutch-based Rabobank has gone beyond the superficial in addressing GDPR. In fact, you could say that the financial services company’s approach is downright natural.

Rabobank has begun converting customer data to the Latin names of animals and flowers as part of its GDPR compliance effort.

“If you want to use client data, you need to pseudonymize it or encrypt it,” explained Peter Claassen, Rabobank’s delivery manager for radical automation. “Otherwise you can see data that you’re not allowed to see, or it can leak and then you have even bigger problems.”