Welcome to a series of articles I shall be posting to cover some of the key facets of GDPR and how they might be addressed using engineering techniques, rather than the more simplistic approach of hoped-for policy declarations and attestations that is so often used to provide a “fig leaf” form of compliance.
In this series I shall be looking at some of the key areas of this broad piece of legislation, notably:
- Provisions and Principles
- Controller and Processor
- Rights of the Data Subject
- Transfer of Data
- Supervisory Authorities
- Specific Situations
By way of a starting point, I thought I would highlight a key statement made by McKinsey & Co last year in their paper Compliance in 2016: More than just following rules:
“A modern compliance framework must be integrated with the bank’s operational-risk view of the world.
Integrating the management of these risks offers tangible benefits. It ensures a comprehensive coverage of risks, lessens the burden on the business and the control functions, and facilitates a more efficient allocation of enterprise resources and management attention.”
The paper then goes on to say:
“Banks can start this journey by developing an integrated inventory of operational and compliance risks; standardizing risk, process, product, and control taxonomies; coordinating risk assessment, remediation, reporting methodologies, and calendars; and clarifying roles and responsibilities among control functions for each material-risk type to ensure there are no gaps or overlaps.”
In this series of articles I will focus on the detail in the paragraph above and look at what it means across the core areas of GDPR.
In the meantime, until my next posting, the “exercise for the reader” is to think about what an “integrated inventory” really means, what the “standardizing” effort will entail, and what the resultant artefacts might comprise.
Rupert Brown is CTO of The Cyber Consultants. He has an unrivalled track record over 30 years in Banking IT, comprising senior Strategic and Operational roles in Frontline Application Architecture, Development and Delivery as well as ground-breaking Enterprise Technology Infrastructures. This has been complemented by similar client-facing leadership roles for Information Vendors and Silicon Valley “Unicorns”. He was formerly a Chief Architect at UBS and before that served in senior roles at Bank of America Merrill Lynch, Reuters, Paribas and Morgan Stanley.
This article was first published on LinkedIn Pulse on 25th January 2017.
The opinions expressed by guest bloggers are their views and do not necessarily reflect the opinions of Corix Partners.