In the news: GDPR – are we there yet?

GDPR is now in force, but there are still issues to be ironed out 
by Bethan Rees

The EU General Data Protection Regulation (GDPR) came into force on 25 May 2018, with the rollout affecting almost every part of any business, including tech staff. 

Proactive Investors reports that tech recruiter Harvey Nash is trading at a three-year high, with gross profit 7% higher in June in comparison to the beginning of the financial year. Within that is a 20% uplift in gross profit in financial services. This sector has been especially busy, driven by worries over security, regulations such as the Markets in Financial Instruments Directive II (MiFID II) and GDPR, and a shift to online banking.

Harvey Nash and KPMG’s executive summary of their CIO Survey 2018, which presents the views of almost 4,000 technology leaders, says boards have increased investment in data security and privacy in the rush to become compliant with GDPR and that managing operational risk and compliance have become significantly increased priorities at board level.

The Proactive Investors article says that the survey shows a 23% rise in respondents prioritising improvements in cyber security from a year ago because the threat of cyber crime is at an “all-time high”.

Proactive Investors article
Is GDPR obstructing blockchain’s potential?

Yet GDPR appears to be at odds with tech designed to reduce the threat of cyber crime, according to an article in The Loadstar by Alexander Whiteman. A key element of GDPR is the ‘right to be forgotten’, but Whiteman quotes a report by Transport Intelligence – titled Why is blockchain a game changer? – that says: “The design of a blockchain ensures it is immutable and cannot be changed. Therefore, due to the design of the technology it would be in breach of the GDPR.”

The report adds: “GDPR is primarily focused on personal data and, across the [block]chain, personal data is often captured so the potential for breaches exists.

“How this conflict will be resolved is unknown at the moment, but it does not seem to be holding back the evolution of this technology.”

The report suggests the challenge is an example of how regulations fail to keep up with technology, although there may be a solution. The report says: “According to IBM, the solution would be to configure the networks so that no personal data is held on the blockchain.”

The Loadstar article
D&O claims on the rise?

A breach in GDPR can lead to fines of up to €20m or 4% of annual turnover. Insurance lawyers predict that the new regulation will lead to an increase in directors and officers (D&O) liability insurance claims, according to the Insurance Times.

Jane Childs, partner at insurance practice Mayer Brown’s London branch, which specialises in D&O claims, says the regulation would “require company directors and officers to put a much stronger emphasis on ensuring they are protected against this threat against them”.

She also highlights a risk that directors and officers might simply delegate GDPR to compliance staff or specialists, but there is scope for regulatory action and civil claims against them if they’re responsible for the breaches and for wider company obligations in relation to data and privacy.

It seems that there are still several GDPR hurdles to overcome. The use of blockchain technology is on the rise across the sector, but it appears to be incompatible with the rules. And directors and officers who think they can delegate compliance responsibility to compliance staff may need to think again – they could still be at risk of being guilty of a breach of the regulations. The compliance deadline may have passed, but it seems that the sector can’t breathe a sigh of relief just yet.

Insurance Times article

Seen a blog, news story or discussion online that you think might interest CISI members? Email bethan.rees@wardour.co.uk.
Published: 08 Jun 2018
Categories:
  • The Review
Tags:
  • Mifid II
  • compliance
  • Regulation
