On the 28th January 1981, the European Convention on Data Protection was signed. Every January 28th since then, Data Protection Day commemorates this occasion. Today, as we mark the 40th anniversary of the day, financial organisations around the world are working tirelessly to secure access to data, keep it protected and meet regulations. And for good reason. The fines for data privacy infringement are rising steeply, there’s a growing threat of new regulations from Brexit and the amount of data finance companies have access to is increasing.
One advocate for making sure businesses get their data protection right and harness the value of their data is Wim Stoop, the CDP Customer and Product Director at Cloudera. Wim is responsible for leading the marketing direction and strategic vision for Cloudera’s mission to let organisations turn data into business value at scale.
Prior to Cloudera, Wim spent more than 20 years helping blue-chip companies such as IBM, BP, and HSBC solve their most data-intensive challenges in the context of their business objectives and usage scenarios. With a passion for data, Wim explains exactly what financial institutions need to be aware of when it comes to protecting their data and, most importantly, how they can begin doing this.
The hurdles of data protection
From the UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) to the Gramm-Leach-Bliley Act (GLBA), to name but a few, there are many regulations for the financial sector to adhere to. In fact, there are currently 128 countries across the world with legislation in place to secure the protection of data and privacy. And that’s before taking into account any new regulations that may be imposed following Brexit. Financial businesses failing to comply with these regulations will face significant fines. For example, a breach of GDPR could result in a fine of up to 20 million euros, or up to 4% of an organisation’s entire global turnover of the preceding fiscal year. Not to mention that the enforcement of these fines is only getting stricter. Out of the total amount of GDPR fines (€272.5m) since the regulation became enforceable in May 2018, €158.5m has been imposed since 28 January 2020.
At the same time, the amount of data available to financial organisations is on the rise, especially as a result of the ongoing pandemic. Overnight, financial institutions have had to cope with an exponential increase in data as online interactions replaced previous in-person engagement. In addition, employees are frequently operating from home devices in a potentially unsecured environment outside of the corporate network. While these issues have always been cause for concern in relation to data management and protection, the speed at which they arose in recent months was something businesses were not prepared for.
The good news is that ensuring a financial organisation’s data adheres to regulations and is secure does not need to be complicated. With the correct approach to data management and the right infrastructure in place, financial businesses can operate with the assurance their data is both compliant and protected — no matter what existing or new data regulations are imposed.
Getting proactive with your data management
When it comes to protecting data within the financial sector, a crucial element is the ability to identify what data is sensitive. This matters especially because there are varying degrees of personal data requiring different levels of protection, from biometrics or passport information, which can uniquely and directly point to an individual, through to publicly available personal data, like someone’s date of birth or car registration. Then there is standalone data which, when combined, may indicate an individual. Understanding the different degrees of sensitive data, and having consistent data context, is something finance businesses need in order to best protect customers. Once data has been identified, prioritised and classified by sensitivity, the rules for data protection can be applied, for example which users should have what level of access. Yet this identification process is still a reactive rather than proactive one for many enterprises. The challenge in proactive data management lies in a company’s ability to close the gaps it has in tracking, identifying, and classifying information at scale in real time, as opposed to doing so retrospectively.
The key to overcoming this and taking a proactive, rather than reactive, approach to data management lies in first establishing a data marketplace or implementing a data fabric. In short, financial institutions need a curated, secured and governed data repository. With this in place, enterprises can determine from the outset whether data is to be treated as sensitive and enable end-users to browse the repository to locate the right data to address their business challenges. In doing so, financial organisations can avoid data lockout, reduce the friction that data controls create for employees and continue to reap the value from their data. All of this can be achieved with the confidence that they are compliant and protected.
The support of an enterprise data cloud
The ability to consistently define data context is what will allow businesses to adopt a proactive approach to data management. A core component of this will be the ability to deliver consistent security and governance over data. With this woven into data management from the beginning, financial institutions can ensure data is always compliant and protected. For this security and governance to be fully effective, it is vital that it is applied to all datasets across the enterprise – whether that be on-premises, in the cloud or both. This is where an enterprise data cloud (EDC) is invaluable. An EDC is a cloud-native hybrid data architecture that delivers analytics for the complete data lifecycle to help enterprises extract the true value from their data, all while providing a consistent layer of security and governance.
With the right infrastructure in place, financial businesses can have a single, consistent platform, built on technology that can operate across the edge, data centre and any cloud environment. An EDC, for example, supports a variety of data functions including the data marketplace and also works to provide financial organisations with the control, visibility and examination of their data that they need. With all of these capabilities working together, those within financial services can ensure all the data that passes through their infrastructure and is driven into their data marketplace is governed and protected in the most efficient way possible.
Staying protected not just today but every day
The financial enterprises that will ‘win’ when it comes to data protection are those that take a proactive approach to data governance and management from the get-go. They are the ones who understand the importance of a proactive approach: identifying sensitive data, accurately securing it and enabling the benefits of delivering trusted, governed data to their end-users. With the right platform in place, financial institutions can monitor what is happening to the data throughout its lifecycle across all infrastructures and successfully establish a data marketplace. In doing so, they can be certain that they are proactively protecting their data, remaining compliant with both new and existing regulations and ultimately harnessing their data to drive value for the business.