GDPR and RegTech
Replacing the existing Data Protection Directive, the General Data Protection Regulation (GDPR) will come into effect in May 2018. With exactly 3 months left before enforcement, enterprises are currently hurrying to meet the compliance requirements set out by the GDPR. This change in legal requirements in the ever-growing field of personal data processing has even produced a new sub-sector in information technology and security: RegTech. RegTech stands for regulatory technology and deals with the adjustments other organizations need to make to comply with the foreseen changes in the legal framework.
The GDPR is frequently mentioned and emphasized as highly significant for primarily two reasons. The first is that the GDPR obligates not only European-based or Europe-originated organizations but all organizations that currently undertake any kind of work in the European Union. To be obligated under the regulation, of course, an organization must be dealing with work that involves personal data. Considering the scope of personal data and the position of the European Union countries in the world economy, GDPR compliance seems to have become an imperative in the relevant business environments. The second reason is that the EU aims to integrate the digital economy on a single fundamental ground to make operations more effective and, above all, to give citizens back control over their personal data. A digitalized economy presents things in a picture that is both simpler and more transparent. The transparency that organizations struggle and work to achieve emerged from the 2008 financial crisis, when the finance sector could not even explain its own methodology and logic while doing business. The visible picture will allow people to restore confidence in finance through technology without endangering, as was witnessed in the crisis, the reputation of and trust in the supervisory and regulatory competency of the government. All in all, this was also the spark out of which fintech has risen.
Although there is no clear-cut line that separates fintech from regtech, regulatory technologies can be said to sit more on the security side of business. They develop automation systems in order to render data transparent and easy to access and share. Using cloud computing, the disruptive technology that it is, regtech firms help financial institutions analyze the huge amounts of information they receive and, based on previous regulatory failures, help the institution detect potential risks in order to avoid them.[1] This implementation saves the institution time and, through neat compliance, also money by avoiding multi-million euro fines. Regtech tools provide real-time monitoring of transactions with the purpose of detecting unusual transactions or threats to the system. They also aim to provide resilience after an attack if one is realized. A small, inward-working security team is not capable of detecting failures and possible trending threats outside the organization’s network, whereas the regtech team’s core business foresees it. Hence, regtech firms are clearly able to help the institution minimize costs while detecting risks and getting rid of them along the road.
Here are two distinctive Regtech startups:
- Suade: Helps banks to submit required regulatory reports without disruption to the banks’ architecture.
- Passfort: Automates the collection and storage of customer due diligence data.[2]
[1] https://www.investopedia.com/terms/r/regtech.asp
[2] https://www.investopedia.com/terms/r/regtech.asp