Connect with us

Uncategorized

GDPR: data security four years on

Published

on

Bruce Penson, the managing director of cyber security and IT support company Pro Drive IT, outlines how GDPR has changed in the UK since the Data Protection Act of 2018.

If you work with data in any shape or form, you should be familiar with GDPR: the General Data Protection Regulation.

GDPR is a framework in European Union (EU) law designed to standardise data privacy laws across EU member countries in Europe, regulating how businesses share information and improving protection for consumers. This mutually agreed legislation came into play in 2018 to replace previous data protection rules across the continent, which had existed long before data was created and shared at the scale it is today.

On the same day in 2018, the UK government published a new Data Protection Act (DPA) — a legal framework governing personal data and the flow of information in the United Kingdom. Like the EU GDPR, this law updated the existing Data Protection Act of 1998 and came into effect on 28 May 2018.

Much has changed since these frameworks were first announced, and the guidance for data protection has evolved as a result. Consequently, even if your business was compliant when the GDPR legislation was first published, that doesn’t mean that it still is today.

So, how have the rules changed, and what must businesses do to ensure they aren’t falling short of the mark?

What’s the purpose of GDPR?

According to GDPR laws, all organisations that process personal data must comply with data protection legislation, regardless of their size.

Simply put, personal information is any information that someone could use to identify a living person, including names, email and home addresses, identification numbers and IP addresses.

GDPR and the DPA 2018 state that organisations must have a clear purpose for collecting personal information and allow individuals to review, amend or challenge data processing practices. Furthermore, businesses must implement appropriate security measures to mitigate against cyber attacks and data misuse and disclose any security incidents involving customer data.

The size of a business will determine the extent of its GDPR obligations. The Information Commissioner’s Office (ICO), responsible for upholding information rights in the public interest, may grant exemptions case-by-case. Exemption from GDPR is dependent on a company’s ability to prove that compliance with UK GDPR will prevent, seriously impair or prejudice the achievement of processing purposes. However, businesses shouldn’t routinely rely on exemptions.

Failure to comply with GDPR can increase a company’s risk of experiencing a data breach and the reputational and financial damage that follows. What’s more, it can lead to hefty compliance fines. So, it’s in business leaders’ best interest to ensure they achieve and retain GDPR compliance for their organisation.

How has GDPR changed since 2018?

In the context of data protection, one of the most significant events that have occurred since the original legislation was released is the United Kingdom leaving the EU.

The DPA 2018 incorporated EU GDPR and passed before Brexit legislation came into effect. As the DPA 2018 was constructed and intended to be read alongside the EU GDPR, which no longer has domestic application here, it’s since been adjusted to reflect the post-Brexit changes to domestic data privacy laws.

The amended ‘UK GDPR’ and DPA 2018 apply to UK organisations that store, collect or process personal data pertaining to individuals residing in the UK and to non-UK organisations that offer goods or services to UK residents. Alternatively, the EU GDPR only applies to organisations and individuals living in or trading with countries in the EU.

Overall, the fundamental principles, rights and obligations associated with GDPR haven’t changed. However, some differences between the UK and EU GDPR have already impacted businesses — or are likely to soon.

The government’s 2021 data strategy consultation, ‘Data: A new direction’, outlined aims to simplify policies from the EU GDPR, reducing regulatory burdens on businesses and incentivising organisations to invest more effectively in data protection. These proposals suggest changes to data protection recommendations for accountability frameworks, artificial intelligence and machine learning, legitimate interests, direct marketing and more.

The future UK data protection framework will favour a more risk-based approach and permit greater flexibility for businesses. Once implemented, these amendments will influence the way organisations are required to record and assess data privacy.

Why should businesses stay up to date with UK GDPR?

As the needs and demands of the digital world continue to evolve, legislation concerning data protection is constantly changing.

The ICO regularly publishes updated guidance for various data protection applications, as controllers and processors manage ever-increasing volumes of personal information.

For example, the Privacy and Electronic Communications Regulations (PECR), which also sit alongside the DPA 2018 and UK GDPR and give people specific privacy rights concerning electronic communications, were amended six times between 2004 and 2018.

In the EU, the PECR directive was due to be replaced by the ePrivacy Regulation (ePR) in 2018 — an update intended to clarify how website operators should handle the use of cookies and complement GDPR. However, the implementation of this regulation has been delayed and isn’t expected to come into force before 2023.

It’s not yet known whether the UK will fully implement the ePR’s requirements. Still, as UK companies are likely to continue doing business in EU countries, this legislation may impact UK businesses. So, understanding and following UK GDPR and DPA rules are crucial for any business that handles personal data.

For professional services industries such as accountancy, finance and law that regularly deal with large volumes of sensitive data, the risk and cost of a cyber attack are high. Solicitors and accountancy firms are likely to be considered ‘controllers’ of data; they’re responsible for determining how and why personal data is processed.

As such, it’s recommended that businesses seek the advice and support of a GDPR consultant that can make organisations aware of the latest legislation and ensure they are meeting their obligations under new laws.

Business

How Big Data is Transforming Bilateral Trading

Published

on

By Stuart Smith, Co-Head Business Development – Data & Risk at Acadia

 

Since its inception, Big Data has been an important part of how firms have identified and constructed quantitative trading strategies with hedge funds depending more on quant strategies which rely heavily on big data driven analytics.

As big data technology continues to move from being a specialised technical capability to being a commoditised capability available on a range of easily consumed technology platforms, its use within the financial derivatives will continue to increase beyond the initial quantitative driven capabilities.

At the same time, the number and range of available data sources is increasing rapidly. Whether it’s the increase in alternative data sets or new technology enabling firms to simply keep more of the data they have been creating, the volume of data available is increasing dramatically.

 

Big Data in Risk Management

Risk Management has always had requirements which have driven a close collaboration between business and technology to make available risk analytics useful for the business to make better decisions. As technology becomes more advanced, the metrics available continue to improve as well. This is typically because many risk metrics require high numbers of scenarios and valuations to correctly identify risks in multiple scenarios. To maintain flexibility, this has led to an explosion of data to manage. Firms are increasingly keeping all this data available which can run into many Terabytes (TBs), much of which needs to be ‘In Memory’ to make it accessible to analysts.

Stuart Smith

To achieve this big-data, technology is critical to allow firms to move large volumes of data quickly and easily from affordable long-term storage into high performance in-memory analytics. Big Data technology is ideal for this type of problem to enable large volumes of data to be recalled from across multiple stores and appropriately aggregated or filtered based on the analysis which users are requesting. Whereas in the past, analysts would have to accept that data outside of the last 3-5 days is only available in a summarised format, they can now expect that the data can be re-hydrated quickly and easily from cloud data stores and available to them in an easy-to-consume web interface.

This can enable much more dynamic types of analysis, for example where a new risk is identified, through analysis of a recent data set it’s now possible to find a long history of that risk, whereas previously it would have been lost through summarisation and fixed reporting processes.

 

Collaborative Data Sets

More big data stores are being created as the industry becomes more collaborative and uses increasing numbers of fintech solutions and platforms. With this change come new ways to analyse data and provide new insights.

For instance, through the automation of collateral exchange, an historical store of margin calls, payments and disputes has been created. This history provides a resource for banks to understand their performance in accurately issuing and making margin calls based on derivatives and compare their performance to that of the industry as a whole. The example below shows how a firm can be benchmarked while holding other institutions data private.

These types of analysis are new and could not be delivered without the centralised collaborative data model. It can prove to be instrumental in improving firms’ overall operational efficiency and client service.

It also provides an opportunity for Machine Learning techniques, based on big data sets, to analyse and predict payments requests which are likely to be disputed and potentially identify causes before an actual dispute is even raised. This type of ‘self-healing’ process can only be enabled by a large history of data through which algorithms can be trained.

In the case of Initial Margin (IM) calculated by ISDA SIMM* a new set of challenges have been introduced through having a two-sided risk calculation as part of the process of deriving payment information. This adds another level of complexity to the resolving of disputes; however, the potential offered by having large volumes of data opens up new options on how this challenge could be solved. The long history of Common Risk Interchange Format (CRIF)** data provides a long-term view of the sensitivities for most OTC derivatives, which can enable firms to identify basic issues like stale market data day over day. However, as with most detailed analysis differences in models, they can also be identified through looking at differences over long periods of time. Identification of these types of model discrepancies can help firms to be more proactive about reviewing their modelling deficiencies to ensure that differences don’t lead to disputes.

 

Looking ahead

The sheer volume of data can be an industry-wide challenge with firms having to manage disparate, needlessly duplicated and ultimately overwhelming information. Creation of an industry standard for reporting and analytics is, therefore, crucial to enable firms get clarity and valuable insights from the masses of data and centralise the information as a single data layer. Acadia has designed Data Exploration (DX) suite to be one-of-its-kind big data analytics platform to help sell-side, buy-side and fund administrators see its market positioning, trends and analysis of industrywide metrics.

The impact of big data will only grow and the industry is left with no choice than to evolve the use of technology, whether that is to drive quant strategies for hedge funds, more dynamic forms of risk management or larger shared industry data sets. All of these applications rely on underlying big data technology platforms to provide distributed analysis capabilities. As these capabilities continue to develop so will the types of analysis which are available to firms.

*The ISDA Standard Initial Margin Model (ISDA SIMM™) is a common methodology for calculating initial margin for non-centrally cleared derivatives, developed as part of ISDA’s Working Group on Margin Requirements (WGMR) to help market participants meet the BCBS-IOSCO margin framework for non-cleared derivatives.

** The CRIF file (Common Risk Interchange Format) is the industry template used to hold and exchange sensitivity data. ISDA’s calculation specifications are used to produce Delta, Vega and Curvature sensitivity numbers at Risk Factor-level

 

 

 

 

 

 

 

 

 

 

 

 

Continue Reading

Business

Deal or no deal: Why ESG has become the M&A stepping stone

Published

on

By Alistair Lester, Global Co-CEO of M&A and Transaction Solutions, Aon

Over the past year, with the reopening of the world economy, we’ve witnessed a resurgence in M&A activity. In line with record breaking deal activity, a number of core trends and priorities have emerged in the c.  

Specifically, we’re seeing increased investment in technology, following the crucial role played by digital solutions in facilitating M&A even at the height of the pandemic. Focus is also increasing on financial due diligence, with buyers becoming more dependent on third-party deal finance in today’s market. as well as the rapidly rising prominence of Environmental, Social and Governance (ESG) standards. 

These focus areas are proving to be crucial for deal makers as they navigate today’s high inflation environment and ongoing uncertainties related to geopolitics, government regulation and COVID-19 pandemic-related disruptions. 

Investment in ESG in particular has become a stepping stone between deal or no deal in the M&A process. According to Mergermarket, 60% of global dealmakers said they have walked away from an investment due to a negative assessment on ESG issues at a potential target. 

Meanwhile, 52% say their ESG investment strategy has had a positive impact on overall investment returns – when done right, ESG investment can have a direct influence on business outcomes. 

Understanding specific ESG requirements for businesses will therefore be one of the most critical areas to get right for dealmakers today. Let’s take a look at why this is so important today. 


Rising ESG scrutiny

The main challenge with ESG is that the space remains incredibly broad – it covers everything and anything. From climate change risk to social issues, ESG considerations will play a role in every M&A transaction moving forwards.

This is why ESG scrutiny in M&A transactions is so critical. It will allow organisations to be appropriately advised on the consequences and opportunities associated with the ESG regulatory environment. Recent research found that a staggering 90 percent of dealmakers predict an increase in scrutiny of deals for ESG implications over the next three years, with almost half believing the increase will be significant. 

A key focus in the near-term will be on how different ESG regulations apply to an organisation. While not every ESG regulation will apply to every business, buyers will increasingly scrutinise a target’s ESG credentials during the due diligence process, homing in on reputational risks as well as regulatory concerns. Organisations will therefore be required to comply in the most effective way and fully understand how they can measure up to those regulations. 

This may also lead to the demise of some firms that are already finding themselves under significant pressure, particularly in today’s high inflation environment. ESG compliance could ultimately be the straw that breaks the camel’s back. 

 

ESG + cybersecurity = ESGc 

Cybersecurity is increasingly being tied into the ESG agenda because of the huge impact it has on a company’s integrity. Firms that hold personal data have an unavoidable societal responsibility to protect that information. 

As a result, it has never been more important to find a balance between risk management and value creation. Organisations must understand the seriousness of cybersecurity and organise all assets with this in mind, in order to be fit for purpose in the current environment. 

As a first step, developing a cyber resilience strategy will help identify any risks that businesses are facing. This ensures they can mitigate any issues and protect sensitive information, which is critical today in the face of tightening regulations.


The full ESG journey  

With rising scrutiny on ESG, there’s a sense of urgency to define pertinent ESG issues in M&A from the start of the deal making process. Pinpointing which relevant regulatory areas need to be considered and addressing them early on will make the due diligence process easier across the board, both for businesses and dealmakers.  

What’s more, with a shift in consumer and workforce demographics, pressures to address social issues are now coming from the bottom up, as well as from investors and regulatory bodies. For future targets or acquirers, ESG must be embedded into the enterprise at all levels. 

Businesses today have no choice but to put time, resources and effort into understanding what is relevant to the industry they’re in and the jurisdictions in which they operate. They must then find effective ways to roll these changes out across the enterprise – such as through behavioural motivations and incentives. 

To help navigate this ESG journey, we’re seeing more organisations hiring experts in the space. This helps to make sure that ESG requirements aren’t overlooked, as this can have major impacts both legally and on the organisation’s value when a buyer takes an interest. 

 

It’s time to act now 

With the growing perception that ESG performance directly correlates to commercial strength, ESG will undoubtedly have a defining impact on dealmaking over the next 12 months. 

Dealmakers are holding companies to a higher standard today. Business leaders must act now to get on top of the ESG agenda and carefully consider relevant regulations to embed specific ESG frameworks successfully into their whole organisation. 

Continue Reading

Magazine

Trending

Business5 hours ago

Hidden channel costs: how to find and tackle them

By Mark Wass, Strategic Sales Director, UK and North EMEA at CloudBlue     Growth for businesses will always be a...

Finance11 hours ago

Is your business ready for finance automation?

Mari-Frances Bentvelzen, Business Head and General Manager of Global SMB at SAP Concur   As managers continue to drive their...

Top 1011 hours ago

The power of a proactive customer service

By Delia Pedersoli, COO, MultiPay   2023 is shaping up to be another challenging period for B2C businesses. While the...

Business11 hours ago

Automation nation: Liberating workers from desks, data entry and the doldrums

Gert-Jan Wijman, VP of EMEA at Celigo.   Just when businesses thought the tough times were over, even more challenges...

News11 hours ago

Protean and Fino Payments Bank tie-up to expand PAN card issuance services in India

Fino Payments Bank has tied up with Protean eGov Technologies (formerly NSDL e-Governance Infrastructure Limited), a market leader in universal,...

Business19 hours ago

What is the True Cost of SMS Phishing?

Gemma Staite, Threat Analytics Lead   Cybercriminals will recycle attack strategies for as long as they are effective. In Fraud...

Technology1 day ago

Digital Asset Management (DAM) To Transform Enterprise Brand Management

Alexander Rich, Co-founder and CEO – Desygner    Rapid digital transformation fuelled by the pandemic has undoubtedly proven beneficial to...

Finance1 day ago

Cost of living: How to identify vulnerable customers

Ellie Engley is account director at REaD Group   In the current climate, the cost of living crisis is a...

Banking1 day ago

Is traditional business banking the best option for SME finance squeezes?

Airto Vienola, CEO, AREX Markets  The pressures facing business and personal finances alike have been well documented. Stories are now starting...

Business1 day ago

Breaking down communications silos to streamline the customer experience

Dave Tidwell, Head of Technical Pre-sales, DigitalWell   The pandemic has, without doubt, moved the goalposts when it comes to...

Business1 day ago

How growth can be a big challenge when a business becomes multiple entities

By Paul Sparkes, Commercial Director of award-winning accounting software developer, iplicit. Organisations don’t just grow in size – they also...

Wealth Management1 day ago

Keeping Cyber Insurance Premiums Down with Deep Observability

By Mark Coates, VP EMEA, Gigamon There is no doubt that the cyber insurance industry has experienced something of an...

Business1 day ago

When it comes to innovation, ignore your CEO and listen to your customer

 By Alex Hammond, Partner, Airwalk   At its core, the 2008 financial crisis was a result of banks incorrectly managing...

Business1 day ago

Netflix-style ransomware makes your organisation’s data the prize in a dark subscription economy

By John Davis, UK & Ireland Director, SANS Institute. Today’s subscription economy makes accessing nearly any service as easy as hitting enter....

Banking1 day ago

BANKING FOR BETTER 

By Alex Kwiatkowski, Director of Global Financial Services, SAS. From shifting market dynamics and mounting geopolitical tensions, to skyrocketing cyber threats...

Banking1 day ago

Why traditional banks need to embrace the agility of fintech competitors

Paul Higgins, EMEA Banking Lead, Mendix   Tech has long played a role in the finance space. The legacy applications running...

Technology1 day ago

SaaS Procurement’s Silver Bullet – How Automation is Changing the Game

Sven Lackinger, Co-Founder, Sastrify   Sven Lackinger is Co-Founder at Sastrify, the digital procurement platform for Software-as-a-Service products. Founded in...

News1 day ago

Tata Motors partners with IndusInd Bank to offer exclusive Electric Vehicle Dealer Financing

Key Highlights:   One-of-its kind Electric Vehicle Inventory Financing program for Tata Motors’ dealers  Limits extended towards EVs will be over...

Finance1 day ago

astrantiaPay Selects SaaScada to Enrich Swiss Landscape of Business Payments and Fill Market Gap

Swiss financial firm, astrantiaPay, to use SaaScada’s cloud-native core banking engine to simplify cross-border payments for SMEs and facilitate international...

Business2 days ago

How Big Data is Transforming Bilateral Trading

By Stuart Smith, Co-Head Business Development – Data & Risk at Acadia   Since its inception, Big Data has been...

Trending