data /ˈdeɪtə/ [noun]

  1. Facts and statistics collected together for reference or analysis;
  2. The quantities, characters, or symbols on which operations are performed by a computer, which may be stored and transmitted in the form of electrical signals and recorded on magnetic, optical, or mechanical recording media.

How important is your data? Is it important enough to have a data manager? What about a Chief Data Officer? Do you have a data governance policy? Do you outsource all or some of your data governance? Who supplies your data? Who migrates your data? Who inputs your data? Who checks your data? Who reads your data? Who uses your data?

Do you ask these questions often? If you don’t, somebody somewhere should be and, more importantly, someone should know the answers. It should also be inherent in your training schedules now.

This year no one escaped the intrusion of the GDPR. I say intrusion, as there was a surge in emails that gave everyone an opportunity to cleanse their inboxes of the databases that you didn’t want to be on any more but couldn’t be bothered to unsubscribe from. It was literally an act of purification, or was it? Has it worked? The act was not intended to stop commerce, yet it may have had exactly that effect in the short term. Many shops and advertisers rely heavily on the through traffic or click bait. In the medium term, as an unintended consequence, the spam and junk emails returned to similar levels quickly, proving that data is alive and well as a commodity.

No doubt Cyber Monday made sure we got the latest on-line bargains, but your inbox will bear the consequences unless you opted out of mailing lists – but was that at the forefront of your mind when looking at 50% off?

In financial services, however, there has been an unprecedented focus on the security and governance of data and not just personal data. Many companies are now planning or implementing governance structures which previously were the domain of investment, operations, compliance and finance departments. So, do you know the answer to the questions at the top of the article? Are you doing anything about it if you don’t? Will auditors focus on this in the next year, if they haven’t already? Given the levels of risk and fines, it seems likely and you need to know where your company stands in relation to the data regulations.

Projecting have expertise in data and we know the answers to the questions through our experience and track-record of delivery on regulatory projects.

The 2018 FCA Platform Review interim report highlighted the challenges of the costs and charges reporting requirement due in January 2019.

Those of you trawling through Waterstones best sellers and bargain books (other book shops are available) may not have stumbled on the FCA Business Plan 2018-19.

You may be under the impression that after the excitement of MiFID II and GDPR, there is a lull. Indeed, there appears to be a period of grace but this, unfortunately, is a false dawn. The business plan outlines some 12 reviews, 8 publications and numerous other activities across all financial services.

Some of the “highlights” include the proposed Suitability Review 2019, a follow-up version of the highly successful 2017 review. (Is it me or do we seem to be following the same naming convention as the FIFA video game?)

The thematic priorities, which will have diverse methods of addressing and review, are:

  • Culture and governance
  • Financial crime and AML
  • Data security, resilience and outsourcing
  • Big data and fintech
  • Treatment of existing customers
  • Pensions
  • High cost credit

Key priorities within these themes are finalising the rules of the Senior Managers and Certification Regime and monitoring the roll out of technology and resilience as part of the Open Banking and the second Payment Services Directive (PSD2) (with the ability for third party providers to access a client’s data and make payments, this will be an important test of the security of this directive).

Introspectively, the FCA are also testing and applying RegTech and advanced analytics to the approach to regulation which may open the door for firms to move to similar schemes. Also, the FCA will be creating a Memorandum of Understanding with the Information Commissioner’s Office. This may lead to a focus in certain reviews and questionnaires on data security.

We have not heard the last of MiFID II either and, although a collaborative approach has been taken to date, we may see considerably more depth to the monitoring, particularly transaction reporting and the inconsistent approach to research costs.

So, enjoy the summer’s fine weather, holidays and sport and look forward to the next year or two’s regulation with a spring in your step and a passport in your hand (Brexit allowing of course).

As more details become available on each of the areas, we will publish a short pragmatic guide on what they mean and what you will actually need to do.

With a couple of months to go until GDPR becomes law, how far up (or down) the Information Commissioner’s 12 steps are you from compliance?

We would like to give some practical guidance and advice, as well as share our experience to date. Projecting aren’t compliance experts (and don’t pretend to be) but our experience recently has demonstrated that, as with most other compliance projects, the practical application of the regulations requires an operational brain with a compliance awareness and that’s where our clients have been utilising Projecting.

So, here are our top tips:

  • Have a clear Data Policy that covers clients, employees, and vendors
  • Communicate clearly with all of these groups on their rights and data retention procedures
  • Take the opportunity to assess and clean up personal data repositories and anywhere else you keep personal data internally
  • Use this as a marketing opportunity to affirm data security with your clients
  • Document your impact assessment fully, i.e. in and out of scope regulations
  • Be clear about being a data controller, data processor or both
  • You may never get an exhaustive list of the business areas that are impacted, and which functions, but keep communicating and, importantly, training, and you will reduce the risk of gaps
  • Utilise the Information Commissioner’s website (ICO)
  • Don’t be distracted by some of the esoteric impacts suggested, e.g. business cards – stay principle focused

So, we haven’t provided all the answers, and would never hope to, but rather than be as prescriptive as a management consultant, we want to share the pragmatic and not the enigmatic. As with all regulatory projects, we hope that this will assist in putting context and focus on the GDPR project you are undertaking.

And it won’t surprise you to know that we are covering all of the above in our own, internal, Projecting GDPR project!