OneTrust DataGuidance’s ‘Thought Leaders in Privacy’ interview series is filmed across the world with leading privacy professionals discussing their advice for staying ahead of the curve and how privacy connects on a wider level with businesses and society. The series captures ideas from a range of subjects including GDPR and CCPA requirements, data security and breach notification, risk and compliance, and emerging technologies.
We spoke to Mridula Muthuraju, Head of Privacy and Record Management at NatWest Markets Plc in December 2019. NatWest Markets is the investment banking arm of The Royal Bank of Scotland Group, providing financing and risk management to UK and Western European customers. Mridula elaborates on some of the key differences in regard to data protection within an investment banking organisation.
Privacy Issues as an Investment Bank
Mridula suggests the two key principles that apply across all levels of business are data safety and security, and the proper and ethical use of the data. However, she believes it is the former that receives particular focus in the investment banking world.
“Traditionally, and unsurprisingly, all the focus has been on data safety and data security, and with good reason. Cyber resilience and cyber security is an area that financial services regulators have been really focused on and that is really where the attention of senior management has traditionally been.”
This concern has not lessened, but Mridula notes that there has been a noticeable change in data usage awareness and this, in no uncertain terms, comes down to the rapid shift towards emerging technologies and more customer activity moving online. It is the use of these technologies and the use of the data that is captured that businesses need to be mindful of when taking an ethical approach to processing.
Comparing the GDPR with Regulatory Requirements on Investment Bank Surveillance
Over the past few years, investment banks have placed an emphasis on building comprehensive surveillance programs that monitor issues such as market abuse and breaches of conduct. Mridula explains that the GDPR allows for the processing of such data if it is required under law and there is a legal basis for the surveillance. However, as Mridula notes, it must be done in the spirit of the law, and using data explicitly to identify wrongdoing is a key principle that must be apparent throughout the organisation.
“This is where you really need to be very well engaged with your employee base. There are local laws across Europe that have slightly different nuances that need to be considered. Having a clear, transparent, up to date privacy notice, engaging with working councils and really being transparent with your employees on the data that is being collected and how it is being used is key.”
Watch the full interview with Mridula to hear further about the impact of the GDPR within financial services and the developments that she expects to see in the next 12 months.