Pub 8 2018-2019 Issue 1

10 O V E R A C E N T U R Y : B U I L D I N G B E T T E R B A N K S - H E L P I N G C O L O R A D A N S R E A L I Z E D R E A M S The Banker’s Guide to GDPR T wo years ago, the European Union (EU) took an unprecedented step toward re- solving the conflict between big data and privacy. Passage of the General Data Protection Regulation (GDPR) ushered in a new era for individual privacy rights, but it created a potential compliance nightmare for organizations that collect and handle data. According to the official GDPR website, “The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established.” The 1995 directive provided an answer to the division of privacy regulations across the EU, and overall, both the directive and GDPR hold tight to the idea that privacy is a fundamental human right. GDPR, with an effective date of May 25, 2018, has far-reaching implications. Companies in the EU have spent the past 24 months preparing for this date. However, GDPR doesn’t FEATURE ARTICLE KEITH MONSON, CRCM, CSI CHIEF RISK OFFICER The International Association of Privacy Professionals (IAPP) recommends the following three- question test to determine GDPR liability. A “yes” to any of the three indicates a GDPR obligation.