Becoming fully compliant with GDPR will take some companies time to achieve, says Kieran Kilmartin, Director of Marketing at Pitney Bowes. But it will be worth it in the end…
“Regulatory change is a good thing,” says Kieran Kilmartin emphatically. As marketing director EMEA for Pitney Bowes, a company that helps power billions of dollars of transactions across borders every day and whose job is made infinitely more complex by new rules, that sounds a little odd, to say the least.
“Compliance and regulation are costs, not money makers,” he adds. Warming to his theme, he adds: “However, better data management is always a plus and can have very positive business effects.
“At Pitney Bowes we look at businesses where there are many customers, large volumes of data, and complex relationships within the data. The upcoming General Data Protection Regulation (GDPR) is an opportunity to improve those relationships and processes across organisations.”
As well as managing data, effective communication is a big part of regulation. Clearly, the GDPR and anti-money laundering (AML) initiatives, which span all industries and geographies, are prime topics at the moment. If you consider AML, it’s about entities, individuals, parties, and ensuring that you can understand the relationships across those different parties, whoever they might be.”
In his opinion, one of the biggest challenges for banks is the ability to track and resolve data issues and because the banks have many disparate systems, criminals exploit any organisational gaps.
He’s hoping GDPR will help to plug them.
“Large retail banks have a vast data challenge. I was talking with a bank the other week, and one of its biggest challenges, given its huge customer base, is to gain consent to process data, and to understand where the customer data is.
“A big difference between the Data Protection Act and the GDPR is that with GDPR you have to demonstrate that you know what you’re doing. You have to show you’ve got clear processes, and you’re on top of your data. For a lot of organisations, the Data Protection Act was simply about knowing how to avoid fines – miniscule fines compared to those expected with GDPR.”
It will be a huge cultural change for many organisations, he says, not helped by the sheer amount of data collected since the original DPA was enacted in 1998.
“The amount of data flowing around the internet was minimal compared to today,” he says. “Now, organisations must be far more proactive and attentive, and make people aware of what GDPR means. Within our own business we have documentation that is sent to every part of the organisation, so people understand what it is and what their data responsibilities are. We have some two million customers, and we’re trusted with their data, so we must ensure that our employees understand regulations. It’s the same for any large organisation with many customers and large amounts of data.”
He underlines that gaining customer consent to use data has now become an organisational imperative if you’re in financial services. Click here to read more