When considering the potential impact that the EU’s General Data Protection Regulation (GDPR) could have on the entirety of the bloc’s corporate economic sector, look no further than the findings of an April 2017 Veritas survey in which 20% of the 900 respondents – characterised as “senior business decision makers” – expressed concern that, globally, non-compliance could put them out of business. Despite these concerns, it remains unlikely that the European Commission and EU Parliament would allow a single piece of regulation to deal a crippling blow to the global economy.
However, seven months ahead of its May 2018 go-live deadline, there is little clarity beyond the often ambiguous wording of the regulation's Level 1 text, and much remains unclear regarding the potential costs – monetary or otherwise – associated with the implementation of and compliance with the GDPR, both for the global economy and within the EU. More specifically, and perhaps more worryingly, there is seemingly no consolidated understanding within the EU’s wholesale financial markets industry of the costs that the GDPR will levy on existing data management and data security operational processes and workflows, much less the trading business model overall.
In this article, GreySpark Partners consultants Giles Broxis and Russell Dinnage examine where at least some of those costs may eventually fall long-term for EU-based banks and buyside firms, and they outline some of the initial, big-picture first steps that financial institutions can begin to take in 2017 to prepare for adaptation to the GDPR’s mandates as opposed to full compliance.