
THE POTENTIALLY CATASTROPHIC EFFECT OF GDPR ON CLOUD MIGRATION – IF YOU HAVEN’T STARTED YET.


Dr Gavin Scruby, CIO, SmartDebit

Certain industries have significant restrictions on the way they process data. Some of the most common are defence, health, credit card and government. When these organisations process data, they have to comply with industry-specific regulations, which benefits us all. What some companies have not yet realised is that everyone now operates under a similar kind of regulation. This is of course the General Data Protection Regulation, most commonly referred to as GDPR, which now governs data protection across the EU. The UK government intends to write GDPR into UK law and stay largely parallel with the EU, so the caveats here will probably apply even in the case of a no-deal Brexit. While many people know that the GDPR affects how they should protect data, the breadth of impact on the data controller-processor relationship is often missed, and this can have catastrophic effects on business flexibility, and particularly on cloud migration.


Before getting into the consequences of this and how they could be managed, it’s worth looking at what controllers and processors are, to see how they affect nearly everyone who offers a service over the internet. If you have a website and you integrate a card payment service, you are a data controller – you decide what data you collect from your customers (card details and postcode), why it is processed (to make a card payment) and who processes it (the card payment processing company). While you are the controller, the card company is your processor – it processes data from your customers to enable credit card payments to happen. This kind of relationship is more common than many people may think. In any situation where a company provides a personal-data processing service to another company, that service company becomes a processor. It could be an online CRM service, a bookings service, an online document storage service, even a paper document library (as GDPR applies to printed information too) – almost anything where the service provided stores or processes personal data for another organisation creates a controller-processor relationship.

The difficulty now is that GDPR puts a lot more restrictions on what a processor can do without the controller’s consent, largely because the controller now has many more obligations to check and control how data that it collects is used. This is only fair; if you are liable for data you’ve collected, you should have some say in what is done with it when you subcontract it to someone else.

A key restriction, and the one we consider here, is within the GDPR’s Article 28 Paragraph 2: “The processor shall not engage another processor without prior specific or general written authorisation of the controller. In the case of general written authorisation, the processor shall inform the controller of any intended changes concerning the addition or replacement of other processors, thereby giving the controller the opportunity to object to such changes.”

The simple language interpretation of this is that as a processor, you can’t change your data subcontractors without explicit permission from your controllers (i.e. customers) – and that means all of them. This is difficult enough if you want to change standard suppliers, but the often neglected consequence is that it can also affect where you locate core data and whether you migrate to the cloud. Even if you rent rack space in a data centre (co-location hosting) and the data centre never “sees” unencrypted data, this is still classed as a sub-processor by the law. Consequently, any move to another data centre, or a migration to cloud, is considered a change in sub-processor, which therefore requires permission from all customers.

In practice, this could be extremely limiting. You would not want to attempt to arrange written authorisation from every customer when you want or need to move to the cloud. If nothing else, it could push back migration timescales by years. The most you would want to do is inform customers, with perhaps an early termination clause if they had a significant issue. This is not how contracts are being drafted, and not how the ICO recommends they are drafted. Standard clauses will be created by the EU or ICO in time, but these are not yet available. The ICO recommends contract terms of the form: before employing a sub-processor, the original processor must inform the controller and obtain its prior specific or general written authorisation. It is possible to draft contracts to contain general written authorisation or include clauses to allow early termination or assumed acceptance on non-response, but you’ll need professional legal advice to make these enforceable and legal such that they do not violate the GDPR.

The introduction of the GDPR means you now need to do two things: firstly, make sure your own contracts are drafted to ensure maximum flexibility for you but in compliance with the law; and secondly, read sub-processor clause amendments made by customers very carefully. Here you need to discuss your specific circumstances with your legal advisors or industry body. If you just migrate to cloud without customer consent, you could fall foul of GDPR sub-processor limitations, and many more organisations and individuals are getting knowledgeable on their rights.

Don’t panic though. The GDPR has thrown up many situations like this and it is still very new, in case law terms. The GDPR is not intended to work in such a way as to stop dead industry-wide cloud adoption. Everyone is finding their way on these rules right now and the ICO seems to be taking a “carrot” rather than “stick” approach for those companies who are genuinely trying to improve data protection but still operate their businesses competitively. In time, consensus guidance will be developed, but until that time, we all have to be more careful about what we sign and even more careful about the contracts we write.


How can businesses boost employee experience for finance professionals?


By Martin Schirmer, President, Enterprise Service Management, IFS

Over the course of the last year, The Great Resignation has seriously impacted organisations across the globe. Staff are quitting in huge numbers, leaving companies unprepared and struggling to fulfil their workloads. In fact, mass departures are happening at all levels of the labour market, as employees attempt to adapt to the hybrid working model and growing socio-economic uncertainty.

In light of this, optimising the employee experience (EX) to attract and retain talent has become a top priority for employers. Organisations have come to understand the necessity of taking immediate steps to drive employee engagement and reshape workplace culture.

The financial services (FS) industry is no exception to this trend. From increasing employee burnout to growing career dissatisfaction, the pandemic has exacerbated the need for transformation across finance teams. This is exemplified by recent data from Spendesk, which found that approximately 40% of finance professionals are willing to leave their roles or already have concrete plans to do so.

Organisations looking to get ahead of the competition must put in extra efforts to retain their existing workforce. The fact is that employee expectations and requirements have irreversibly changed, with more workforces becoming increasingly distributed. Today’s hyper-connected workforce values flexibility and simplicity, and it is organisations which offer these experiences that will succeed in the long term.

As part of this process, finance companies must look towards the power of technology to create seamless user experiences across devices. From automating workflows to improving overall efficiencies, Enterprise Service Management (ESM) can help organisations to boost user satisfaction and go that extra mile for their employees.

How poor EXs are driving finance teams to quit

With over 40% of employees spending a significant proportion of their time carrying out mundane, manual tasks, it is not surprising that poor EXs are having a detrimental impact on job satisfaction. Finance teams in particular have been slower to digitise core processes, leading to a heavy reliance on manual tasks. This not only increases the amount of time spent on each task, but also impacts the engagement levels of finance professionals who cannot focus on more strategic aspects of their roles.

As a result of the pandemic, flexibility has also moved to the forefront of finance teams’ desires. Given the fast-paced nature of this industry, the conversation surrounding work-life balance has increased rapidly. Failure to offer flexible working policies, coupled with a lack of technology to facilitate this flexibility, has led to poor EXs across the board.

Most notably, the overarching move to omnichannel, digital-first approaches has dramatically reset both customer and employee needs. Finance is the third-slowest running corporate function behind legal and IT. Operating in a competitive environment, 73% of finance operations are facing pressures to speed up, improve efficiency, and prioritise automation.

Mitigating the problem using technology

ESM, an offshoot of IT Service management (ITSM), is the cornerstone of smart digital transformation for organisations. It can help finance teams to streamline and automate routine processes, such as monitoring the status of service requests, approving expenses, sending invoices, and tracking payments. In turn, this will free up employees’ time, reducing the burden of manual tasks and enabling them to focus on the more strategic tasks.

Another advantage ESM can offer finance teams is the ability to adapt to each department’s minimum requirements for data privacy. Accounting, for example, needs additional layers of compliance built into the system.

ESM can also facilitate cross-departmental collaboration, helping finance professionals to communicate with the wider business and perform tasks more effectively. Organisations can use ESM to incorporate all internal services into a single platform, offering employees a well-rounded view of the business and promoting a sense of community across all levels of an organisation. This will boost productivity, whilst enhancing visibility and control.

Ultimately, the current job landscape has brought with it a new set of challenges. Organisations in the FS industry looking to navigate the storm and retain top talent must refocus their efforts on bolstering the EX. Embracing a new era of technological innovation that empowers employees and boosts engagement is a critical step in this process.

 


CBDCs: the key to transform cross-border payments


Dr. Ruth Wandhöfer, Board Director at RTGS.global

 

If you work in finance, you’ll have been hearing a lot about central bank digital currencies (CBDCs) and the moves different markets are making towards using, regulating and evaluating the viability of moving to an economy based on digital currency.

We are already seeing progress in the research, piloting and introduction of CBDCs into the financial system. The Banque de France, for example, recently launched its second phase of CBDC experiments in line with the “triple digital revolution” unfolding in the financial sector. The infrastructures of financial markets and fintechs, however, are not prepared to accommodate their security, stability, and viability.

This could be an issue in the not too distant future. Each year, global corporates move nearly $23.5 trillion between countries, equivalent to about 25% of global GDP. This requires them to use wholesale cross-border payment processes, which remain suboptimal from a cost, speed, and transparency perspective. In fact, the G20 cross-border payments programme considers improving access to domestic payment systems that settle in central bank money, as one of the key components in facilitating increased speed and reducing the costs of cross-border payments.

The current state of cross-border payments

International transactions based on fiat are currently slow, expensive, and highly risky due to today’s disconnected financial infrastructure, messaging, and liquidity. Wholesale cross-border payment settlement can take 48 hours or longer, which is not practical in today’s digital world. Even if not every market moves to CBDCs, in an increasingly digital era, cross-border settlements between central banks will unavoidably involve dealing with CBDCs. So, not only will we have different currencies, we’ll have different technical forms of currency being exchanged – digital and fiat – as markets adopt CBDCs at different rates, adding another layer of complexity to cross-border settlements.

While there is much anticipation about the opportunities CBDCs can bring, the adoption of this technology will only be widespread if payment and settlement capabilities are overhauled to allow for new innovations in currencies. This need for transformation represents an opportunity to redesign existing infrastructure to support cross-border CBDC transactions.

The current cross-border payments system involves correspondent banks in different jurisdictions using commercial bank money. Uncommitted credit lines used in cross-border transactions are a potential risk for any bank that relies on credit provided by a foreign correspondent bank. Interestingly, there is no single global payment and settlement system, only a complicated network of interbank relationships operating on mutual trust. While trust has allowed financial systems to function smoothly, when it begins to fail, as it did during the 2008 financial crisis, the result can be catastrophic.

Following the crisis, the Bank for International Settlements (BIS) implemented the Basel III agreement, which required banks to maintain additional capital against correspondent banking account exposures. These risk-weighted assets impose a costly capital charge on positions held by banks at other banks under correspondent arrangements. While this framework helps combat risk, it neglects to address the inherent problems in traditional correspondent banking that contribute to these risks.

Making the case for CBDCs

CBDCs can offer an improvement in settlement risks and are certainly thought to have potential benefits by the BIS. If implemented correctly, wholesale CBDCs can indeed accelerate interbank transactions while eliminating settlement risk. They can also encourage a more efficient and straightforward method of executing cross-border payments by reducing the number of intermediaries.

It is likely the evolution towards CBDCs will initially see the financial market supplement rather than replace existing payment instruments with new types of digital currency. CBDCs will coexist with current forms of money in a wholesale context, and their payment rails will also work alongside the existing payment systems. In simple terms, CBDCs will need to be linked to the broader capital markets ecosystem and applications such as securities settlement, funding, and liquidity.

If built with an innovation-first mindset, the future of banking infrastructure should provide full interoperability and convertibility between fiat, CBDCs, and any other type of digital money used in wholesale payments.

The future of CBDCs

To unlock the full potential of CBDCs, a ‘corridor network’ will need to be formed. This involves combining multiple wholesale CBDCs into a single, interoperable network under common governance agreed upon by all central banks involved. The legal framework of this platform would then allow for payment versus payment (PvP) or, where applicable, delivery versus payment settlement.

Practical wholesale CBDCs appear to be on the horizon, either as a supplement to existing financial systems or as part of a transition to a digital, cashless world. Looking ahead, central banks would benefit from collaborating with fintechs that provide innovative cloud native technology to enable seamless wholesale cross-border payments without interfering with the flow of funds. If wholesale CBDCs are to become a reality, fintechs must be prepared to accommodate them.

 
