Data protection: Why and How (GDPR)?

Data protection: How to protect your clients’ personal data (and comply with GDPR)

Businesses that process personal data and information are obligated to protect said data. Data security is a foundational premise if you work in the financial services or sector – but it’s also a necessity if you handle or process any form of data.

In this article we explain:

What is data protection?

Technical data protection

Organizational data protection

How to manage breach of data protection

With NewBanking Identity you can simplify the process of protecting your clients’ personal data – from first contact till the end of your business relationship. Our solution ensures that you comply with GDPR and Anti-Money Laundering (AML) laws and regulations in all of the EU.

What is data protection?

Data protection is a catch-all term for all security measures and safeguards that protect your own – and your clients’ – data.

All businesses in the EU are obligated under GDPR (General Data Protection Regulation) to protect their customers’, employees’ and other partners’ data – including their personal data. This applies to both internal (people in the organization) and external (for example, hackers) parties.

It’s up to the business itself to implement sufficient safety measures that protect data. These safeguards are usually categorized as either:

Technical security measures or precautions
Organizational security measures or precautions

The appropriate degree or extent of such measures for your business is up to you. This requires, among other things, that you make a Data Protection Impact Assessment (DPIA) and a consequence analysis of your data protection. You can find a template for a Data Protection Impact Assessment (DPIA) on GDPR.EU.

Furthermore, it’s important that you can document that you’ve installed or implemented the necessary measures, and that you subsequently and regularly evaluate whether they’re sufficient in order to protect the personal information you process.

There are a number of internationally recognized standards for data protection, such as:

ISO 29151
ISO 29134
ISO 27001

They can be read in full on the International Organization for Standards’ website.

As a data manager and as a data processor it’s important that, even if you’re following the standards and guidelines, this is not synonymous with complying with GDPR. For that reason it’s important that you have a systematic, professional, and structured approach to the job. If you process sensitive personal data (‘special category of personal data’) it can be necessary to add-on or expand with subsequent protection measures.

Technical data protection

Technical data protection and safeguards are all forms of security measures that rely on digital tools and IT infrastructure. It exists predominantly on computers and servers.

This could, for example, be:

Firewalls
Passwords
2-factor authentication
Encryption
Logging of data handling
Different administrative roles
Storing data in levels (so a breach doesn’t give access to all data)
Anti-virus
Backup

Organizational data protection

Organizational data protection and safeguards are the type of data protection that involves people and processes. Data is secured by training employees and following guidelines that prohibit unplanned error or intentional breaches of personal data.

This term applies to:

Procedures for data processing
Clear distribution of roles and access
Security courses
Education of employees
Risk- and consequence assessments
Action plans for breaches of personal data

How to manage breaches of data protection

No data protection is fail-safe and fool-proof.

This is also acknowledged by the GDPR itself and by most of the regulatory agencies responsible for enforcing it in the EU.

In order to minimize the damage of a breach, it’s important that you have a clear action plan for when you might suspect that there’s been a breach of your security. This encompasses, but is not limited to, a clear division of responsibilities between data manager and data processor, how you report potential breaches to clients, and clear guidelines for how you report breaches to the relevant regulatory authorities.

With NewBanking Identity you get AML and GDPR compliant data protection

With NewBanking Identity, you get a software platform that protects your clients’ data and ensures you comply with Anti-Money Laundering (AML) laws and regulations.

Furthermore, the platform helps you verify your clients’ identity so you comply with KYC and CDD. Get more information about our security by reading our Security Whitepaper.