How the GDPR is influencing risk management

With the coming into effect of the General Data Protection Regulation (GDPR), another important piece of regulation for the banking industry entered into force. As the GDPR effectuated from May 2018, the beneficial effects of the GDPR are not yet visible. So far, individuals have only been confronted with dozens of e-mails from data controllers, to whom they had once given their consent. On the positive side, the new data protection regulation resulted in an enormous awareness, both with the customers and the banks, on the importance of the safe processing of personal data. Even more importantly for the banks, it is argued, is the coming into effect of the GDPR will also influence the risk management function of the financial industry. This side effect potentially has far more impact than just creating awareness and the issue of compliance. This paper explains the vison that GDPR fits by itself in a remarkably consistent way with other banking regulations as, for example, the prudential requirements for credit institutions (CRR). This should not come as too big a surprise, since all these regulations stem from the same source, that is, the European Union (EU). But it is good to see that the EU is able to show a consistent view on risk management, which will result in increasing trust in the financial sector. Understanding this view is important for the sector as well, because once the patterns in EU regulation are seen and understood, it can create a clear answer on how to sustainably and efficiently comply with all the upcoming regulations.