1. GDPR: Brief introduction
Operational impact of GDPR for the fintech industry
www.pwc.com
2. PwC
General Data Protection Regulation (‘GDPR’)
Introduction
• General Data Protection Regulation (GDPR) will be applicable on 25th of May 2018.
• As time constraints are present, the topics and introduction are not exhaustive.
• Any entity processing personal data will be in the scope of GDPR.
• Non-compliance: fines of up to 4% of global annual revenue or 20 million and suspension of processing.
3. PwC
Right to be forgotten
[Diagram: database environment holding data such as Name, Value, Account, Family composition, ID, Hobby, Transaction, etc.]
1. Request to remove
2. Identify
3. Erase based on request
4. Formal response
Timeline: 30 – 90 days
4. PwC
Demonstrate compliance
Institutions Verifying Compliance
Review underlying documentation of process. Therefore evidence must be retained.
Challenges
Evidencing process can be a challenge:
• Identifying key areas;
• Retaining all the different steps;
• Having them readily available; and
• Ensuring process is followed.
In short you are guilty until proven innocent
5. PwC
Being Processor and employing sub-processors
[Diagram: Controller → Contract → Processor → Contract → Sub-processors]