The GDPR is not just about Security, but it has been dominating the life of many CISOs since last year.
So … May 25th came and went, quickly followed by the football world cup and a heatwave which wrecked most of Europe and many other parts of the world …
Around GDPR, bureaucracy claimed birthrights over the act and things went back to normal: Snake oil vendors packed their stalls and alleged experts headed for the beach … The anti-climax was predictable, and we are still going through that phase where all players are expecting regulators to set their first fines and wondering “where the big one is going to come from”.
A lot is being read, written or heard about GDPR – its relevance, its implications for institutions that collect personal data, and the ramifications of non-compliance. Therefore, this piece will not deal with any of these in detail. Keeping it simple, we will explore 4 specific impact points within financial institutions that arise from this regulation, and the changes they may require in systems in order to meet its terms under the 99 articles that GDPR comprises.
Once upon a time, ATS systems stored millions of stale resumes of any candidate that happened to cross their path. When new roles opened and well-meaning human beings attempted to apply or refer, these systems would mostly say, “Resume already exists in database.” If one were lucky, the ATS would say, “Hey! New resume. Let me replace the old one” and if luck had truly run out, it would save two versions, leaving the poor recruiter confounded. Then suddenly, GDPR happened.
In August 2017, India’s highest judicial office, The Supreme Court, upheld the right to privacy as a fundamental right of the country’s citizens. In an era where data is easily disseminated through a wide array of physical and digital channels, we often end up losing control of the very resource that we created and one that defines us in myriad ways.