
Manage data protection restrictions in rollout projects with a global scope

  • Data Protection
  • Digitalization
  • Project Management
  • Asset Management
  • Investment Banking
  • Retail Banking
  • Wealth Management

In this use case, we present how business and IT managers in financial institutions can deploy new projects while complying with different data protection regulatory requirements by implementing digital global data processing and transferring checks.

Coverage
  • 30+ jurisdictions
Scope
  • GDPR (EU)
  • FADP (Switzerland)
  • PDPA (Singapore)
  • many more
Availability
  • App
  • APIs
Data Classification

Is the data in focus subject to data protection rules?

Data Classification

What are the restrictions IT managers face when handling data pools of external clients or from internal employees?

Data Transfer

Is there information I am not allowed to send or upload to our application hosted in the cloud?

Data Transfer

What are the restrictions if I want to share data with other stakeholders in my project organisation? How do requirements change if I send the data via email versus SharePoint?

Data Transfer

Are we allowed to share data on screen with people in a conference call?

Data Access

What implications do I face when giving people from other business units access to SharePoint or a shared drive?

Clarifying data protection restrictions in projects with a global scope

In our digital and ever-connected business environment, the exchange of data happens everywhere. To make such an exchange possible, IT specialists need to ensure a constant and uninterrupted flow of information between users, teams and/or systems. Just as importantly, data also flows between international locations and third parties. That is why clarifying Data Protection principles is critical both for the constant compliance of a firm and for IT experts to manage, progress and deploy their projects on time.

The worst scenario for project managers and operational teams of financial institutions is that critical and expensive projects are flagged as critical, delayed or even overdue because of systematic mismanagement of Data Protection principles and requirements.

What does this mean for financial institutions?

Company growth requires investments into strategic initiatives, such as digitalization. At the same time, companies also need to save costs in the ongoing business, resulting in the need for a change in the current business model or IT landscape.

Meanwhile, as technology investments are critical business initiatives, IT departments need to ensure they remain within the planned budget and timeline to avoid time and cost overruns. For them, the most critical factor is the efficient involvement of the stakeholders who determine whether new strategic infrastructures threaten compliance with Data Protection regulations.

For this process to work, IT project managers need to make sure the legal and compliance teams get all the needed information to run a regulatory assessment in full detail and in time. This is time and effort-consuming for both the IT department and the data protection experts.

In the end, there are no winners – it is a lose-lose-lose situation:

For the IT project team, structuring the information is time-consuming and involves a lot of resources. Plus, they need to continuously align with legal and compliance teams on the exchange of information and proper documentation.

On the other end, data protection teams receive a lot of information that they need to filter to identify the important details and triggers, and only then can they run a data protection impact assessment on the foreseen IT implications and the data involved.

Finally, for the financial institution overall, the whole project is time-consuming and costly from the beginning. Sometimes they even engage external help experienced in the regulatory implications of these types of projects to provide additional resources. In the end, the project exceeds the budget and takes more time than anticipated.

The challenge of data protection restrictions in projects with a global scope

The main challenge today is that data protection regulations vary from jurisdiction to jurisdiction. And while one country restricts the handling of specific types of data, others require specific measures to be put in place, and a third might restrict conducting specific data sharing or storage activities altogether. 

Understanding these country-specific elements is just one side of the story for a project manager. Additional complexity comes with different project initiatives and roll-outs on a synchronized global basis which need to be balanced for all the underlying individual country restrictions. This is a hurdle when dealing with country-specific data, besides being a time and resource-consuming analysis.

Companies, then, have just a few options to stay compliant:

Option | Efficiency | Risk Minimisation | Labour Costs | Time Spent
Option 1: Use in-house tools only | + | ++ | + | ++
Option 2: Clarify restrictions manually per location | + | +++ | ++ | +++
Option 3: Rollout global project initiatives and clarify restrictions case by case only | ++ | ++ | + | ++
Option 4: Rollout internationally with smart digital checks | ++++ | ++++ | ++++ | ++++

Introducing digital smart data protection checks

Managing IT projects for global financial institutions in the digital age is becoming a highly complicated task. With every new data privacy regulation issued it is getting harder for banks’ IT project managers and compliance and risk teams to work together on assessing regulatory implications. Furthermore, it is difficult to stay on top of the growing number of data processing requirements for every foreseen IT system implementation. 

With a digital data protection solution, not only are the cost and time problems solved, but IT and compliance managers also have customizable and scalable rules at hand to answer data protection questions about the company's projects efficiently and sustainably, and can work together seamlessly.

To have such a solution, one will need:

  1. Machine-readable data protection rules: a set of country-specific rules customizable by in-house legal teams;
  2. Dynamic access to data protection answers: a way for IT project managers to quickly access answers on IT system initiatives through an easy-to-use app or via intranet;
  3. Easy integration options: technology empowering developers to scale the use of machine-readable rules by integrating them into existing processes or in-house tools.

Benefits of using digital smart data protection checks

  • Support the activities of the IT project manager and their team with instant feedback on complex IT-related data protection requests;
  • Compare different multi-jurisdictional situations and get an instant overview of regulatory implications;
  • Remain compliant with the right set of digitised data protection requirements for IT system activities;
  • Scale thanks to the easy addition of new countries or comparison features.