FinTech Trends Newsletter Week 12th June – 16th June 2017
How Financial Firms can help mitigate the onerous tasks of GDPR responsibilities

comply with the onset of GDPR (General Data Protection Regulation) due 25th May 2018. Speak to Storm IT Financial to see how we can help you with our Data solutions.
Most Financial & Alternative Investment Firms are busy making sure they are MiFID II compliant for January 3rd 2018, but Firms should also keep an eye on complying with the onset of GDPR (General Data Protection Regulation) due May 2018, as data protection requirements will become even more stringent. The responsibilities placed on a Firm relating to the data it holds will be two-fold:
*As a Data Controller [where the Firm enters and maintains personal data], the Firm must comply with rules concerning consent, access and transferability.
*As a Data Processor [where the Firm holds data on its own servers], it must follow regulation by ensuring high level cyber security, physical hardware security, strict backup regimes, firewalls and auditing. For example, ‘a Data Processor’ is responsible for monitoring the access to the physical equipment on which the data sits, and the route the data takes to be processed. A good way of doing this is to produce an Access Control Policy, which clearly sets out roles and rights of staff members, only allowing staff with sufficient rights the ability to access the system.
What’s a Firm to do? The answer is to either remain a full Data Processor – with the responsibilities that come with that – or to outsource all its IT. An example of the latter is outsourcing to a hosted MSP (Managed Service Provider) like Storm IT Financial, as it will already have policies and procedures in place which will cover the requirements of a Data Processor under GDPR.
Security tools previously only affordable by large organisations can be deployed for use by SMEs – affordable now as costs are falling due to cloud service and data centre provider competition. Services include robust firewalls, enterprise quality antivirus and web filtering, optional encryption of sent emails and management of all access devices [smartphones/tablets/laptops and desktops] used by staff.
Outsourcing the storage, backups, security and processing of data to a company that complies with strict data protection regulations will ease the processing responsibility; “ease” because the organisation will still need to make sure that paper copies aren’t left lying around and that staff are given adequate authorisation to manage access to the data. However, the bulk of an organisation’s responsibility under GDPR’s Data Processor requirements can be safely left in the hands of the professionals at the MSP/outsourcing company.
Hybrid solutions, whereby an external IT company manages in-house equipment, can also work, but in such instances one needs to be particularly careful to use a very reputable IT company, like Storm IT Financial.
Let’s consider the following two scenarios: (a) the data storage is remote but the processing is local (i.e. on the organisation’s own servers). In this case, the organisation will still be considered a processor; or (b) the organisation brings in an IT provider to manage the servers, but the servers are owned by the organisation. In this case, the organisation will still have the responsibilities of a processor. IT providers cannot typically take responsibility that the personal data customers hold is GDPR compliant and therefore the organisation must ensure that the data held complies with the rules.
However, when it comes to processing responsibilities, the burden of compliance will fall somewhere between the Firm and its MSP and/or IT provider. What an organisation must ensure is that it is working in perfect synergy with its IT provider in setting out the GDPR processing responsibilities. They need joint access policies, joint security policies and so on.
In summary, outsourcing all of the IT can greatly simplify the GDPR management process, while a hybrid solution can be GDPR compliant, but the Firm must be extremely diligent as to which IT vendor it chooses as a partner to ensure that nothing is falling between the proverbial cracks of GDPR’s processing and procedures.
For more information on Hedge Fund, Asset Management, Private Equity & Alternative Investment telecom & mobile solutions, data storage, data collation & backup advice & IT Services, feel free to contact Storm IT Financial.
Storm IT Financial FinTech News & Trends picks: Week 12th June – 16th June 2017
FCA says regulatory sandbox growing in popularity as second cohort is unveiled
The Financial Conduct Authority has selected 31 firms for its second cohort of regulatory sandbox participants:
EU banks could face fines totalling €4.7 billion in the first three years under GDPR
European financial institutions could face huge fines in the first three years under the new GDPR, according to a study by Consult Hyperion:
Red Deer and TheySay collaborate to bring deep text analytics services to active investment managers
FinTech company Red Deer & TheySay collaborate to facilitate better investment decision-making for active investment managers:
European Traders Set To Cut Ties With Brokers Due To MiFiD II New Rules
MiFiD II rules set to kick in soon for European Buy Sides:
Why automation – driven by cloud technologies – is becoming more critical for organisations
Companies embracing cloud automation are able to deploy new applications and workloads faster:
Cloud security spending to hit $3.5bn by 2021, says Forrester
Cloud security spending is set to hit $3.5 billion (£2.74bn) by 2021 at a 28% annual growth rate:
Hedge fund launches rise as investor risk tolerance increases
New hedge fund launches in Q1 2017 increased for the first time since the first quarter of 2016:
Amazon Drive U-turn exposes unlimited cloud’s limitations
Even the billions-earning cloud giant can’t afford to host all our junk:
Cordium helps wealth and fund firms fight tax evasion
Cordium has added a solution to its platform to protect wealth and fund firms from financial crime:
Why London is the best place for fintech – even with Brexit
London’s fintech scene expected to continue to grow over the next few years:
Santander’s Openbank relaunched as 100% digital bank
Banco Santander transferring all IT assets and client transactions to the cloud:
https://www.finextra.com/newsarticle/30697/santanders-openbank-relaunched-as-100-digital-bank
Stay out of security breach headlines: 3 things that must be addressed in your cloud agreement
Mitigate the risks associated with such security breaches:
