Interesting article in Fintech Finance pointing out that the introduction of GDPR will "necessitate a hefty cultural shift, not only in the management of technology but in the way people operate and the processes put in place".
The 2 core objectives of GDPR- being (1) strengthening data protection rights; and (2) harmonization DP law across the EU; present both challenges and opportunities for Ireland and its Fintech ecosystem in particular.
GDPR comes into force in May 2018 and the consequences of failure to comply with GDPR are material- with fines of up to 4% of global turnover or €20M on the cards.
Recent surveys of Irish data rich businesses suggest that there are a lot of Ostrich's with their heads buried in the sand out there- with most Irish businesses expressing real concern about the challenges which GDPR will pose for their businesses, whilst at the same time, the majority still have not commenced implementing a GDPR compliance plan to meet those challenges.
There is no doubt that GDPR compliance will bring increased costs for data rich businesses but, very interestingly, a lot of companies in the Fintech space are nonetheless actually positive about its impending introduction, seeing GDPR as important for improving consumer confidence in their services and believing that a combination of:
1. the fact that Ireland's approach to DP regulation is well respected internationally (as evidenced by the large number of tech driven multinationals establishing here);
2. the fact that harmonization of Data Protection law across the EU will actually make it easier for them to operate from Ireland on a pan European basis; and
3. the introduction of the "Lead Authority" approach- where if a Fintech company's main place of establishment and regulation is in Ireland the Irish supervisory authority will now be the lead authority for investigating cases of data breach where such entities which have subsidiary establishments across other EU countries, or are involved in cross border processing,
all strengthen the business case for establishing and driving Fintech business with international ambition in Ireland.
Watch this space.
Soon to be enacted across the European Union, the General Data Protection Regulation – GDPR – has caused no end of concern among CIOs. Although it represents good news for consumers, from a business perspective, things aren’t quite so simple. While the regulation will be helpful in making it easier and more cost effective for cloud providers to offer pan-EU solutions, as well as making customers feel safer in entrusting valuable data to third-parties, GDPR is likely to have serious implications for Europe’s approach to disaster recovery (DR) and business continuity (BC). there is a significant difference between the current DR directives and the rules set out by GDPR. Its introduction will necessitate a hefty cultural shift, not only in the management of technology but in the way people operate and the processes put in place. data of EU citizens.