On May 25, 2018, the General Data Protection Regulation (GDPR) came into effect to prepare the European Union (EU) for the digital age. GDPR was designed to give EU citizens more control over their personal data and to ensure that organizations gather personal data legally and under strict conditions. Organizations were further obligated to protect the data from misuse and exploitation and to respect the rights of data owners, or face penalties for not doing so.
In an article for FTAdviser, William Rimington, Managing Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps, states, “A number of organizations were still struggling to meet their obligations when confronted with tasks like subject access requests – where an individual can demand details of all the data held on them by a company.” This has been a major challenge facing advisors as organizations fail to comply with GDPR. The first three quarters of the UK’s 2019-2020 financial year saw over 799 reports of personal data breaches across the finance, insurance and credit sector. According to William, organizations need to improve how they manage, treat and protect their data or they will have to pay large fines.