The Impact Of GDPR On KYC — What You Need To Know

Verifer
3 min read · Oct 30, 2018


After a multi-year waiting period, GDPR (the EU General Data Protection Regulation) went into effect on May 25, 2018. Though few penalties for violating GDPR have been issued, many companies are worried about the effects that non-compliance may have — and how GDPR will affect their businesses, especially when it comes to Know Your Customer (KYC) regulations.

KYC is essential for AML (Anti-Money Laundering) and the identification of suspicious financial transactions. In this article, we’ll take a brief look at how GDPR may affect KYC regulations, and what you need to know about this data protection regulation. Let’s get started.

1. KYC Data Must Be Protected And Stored More Securely

Under GDPR regulations, financial institutions will have to follow a number of best practices for storing and accessing data. But if KYC data is compromised due to improper adherence to security policies, the penalties under GDPR can be very stiff — up to 2% of global annual revenue, in some cases.

This means that, among other steps, any institution with KYC data must:

  • Avoid storing any data in the public cloud by blocking unauthorized cloud tools like Google Drive, Dropbox, etc.
  • Have BYOD (Bring Your Own Device) policies in place to protect against unauthorized storage of KYC data
  • Update IT security protocols in every area of the business to protect against liability
  • Ensure that third-party vendors and organizations meet GDPR requirements

The more secure KYC data is, the better — both for your organization, and your customers.

2. Customers Will Have More Control Over Their Information

After KYC onboarding, customers have more control over their information. The process of obtaining, storing, and managing data must be transparent to customers.

You must also define what information you’re collecting from your customers, and for what end you are storing it. You must keep clear records of all of this data — and your users must have the option to delete some (or all) of it.

This information must also be portable, meaning it can be easily transported from one organization to another. In addition, users have the right to an immediate notification if any of their personal information is exposed.

3. Automated Data Processes Will Be Critical For KYC And GDPR Compliance

Automation can help with GDPR compliance in a number of ways.

  • Automating the gathering, storage, monitoring, and management of data reduces the risk of an employee error compromising critical information
  • The KYC onboarding and intake process can be streamlined
  • Automated data collection will help guarantee portability and transparency of all collected data

We expect that we will see a number of automated, GDPR-compliant tools for KYC on the market soon — which will help reduce administrative burdens and ensure compliance.

Understand GDPR — And How It Affects Your Company

GDPR does not just affect EU companies. Anyone who serves even a single EU customer or organization is responsible for adhering to GDPR, so all multinational companies should understand how this data protection regulation affects them and their collection of KYC data.

We hope this article has been informative, and helped you get a brief overview of the subject. For more information about GDPR, you can visit the official EU GDPR site, and read a number of documents related to this new regulation.


Verifer

Verifer is a global investigator platform for cryptocurrency.