2018 Vol. 102 No. 5

Hoosier Banker 43

1. Data processing. New York University School of Law’s primer on GDPR [3] outlines the principles that specifically apply to how controllers and processors obtain and handle the data of EU subjects, including the following:
• Legal basis - Controllers must meet one of five lawful bases for processing a subject’s data. It must: be needed to fulfill a contract; meet compliance obligations; protect the individual’s “vital interests”; perform a task in the public interest; and/or meet the legitimate interests of the controller, unless that is outweighed by the individual’s rights.
• Express consent - Without such legal basis, controllers must obtain an individual’s consent, which NYU explains “must be freely given, specific, informed and unambiguous.”
• Delegation to processors and subprocessors - To outsource to a processor, a controller must obtain written guarantees that the processor and any sub-processors will comply with GDPR.
• Contract language and obligations - Contracts between controllers and processors must specifically detail the subject matter, duration, purpose, data type, data subject categories and each party’s obligations and rights.
• Breach notification - If breached, controllers and processors must notify regulatory authorities “without undue delay” and within 72 hours of discovery.

2. Individual rights. GDPR grants individuals substantial data privacy rights.
Individuals may exercise the following rights, which controllers and processors must fulfill as of May 25, 2018:
• Data access - The right to request a copy of their personal data from a controller.
• Data correction and erasure - The right to request that any errors be corrected or forgotten, i.e. have their data erased.
• Data portability - The right to transfer data to another controller.

3. Governance. Chief among the GDPR principles that relate to accountability are the following:
• Recordkeeping - Both controllers and processors must keep a record of all processing activities, and controllers must also conduct inventory audits of the same.
• Data protection officer - Controllers and processors that process and/or monitor data on a large scale are required to appoint an officer and grant him or her the requisite authority to fulfill that role.
• Data protection impact assessment - Those involved in high-risk processing are required to conduct this assessment.
• Designated representatives - Some controllers and processors not located in the EU, but subject to GDPR, must name a representative in the member state where the data is processed or monitored.

Even if, after conducting the above analysis, your institution concludes that it isn’t covered under GDPR, you still need to understand the law’s broader implications. There is good reason to believe that the United States will follow the EU and enact something similar to GDPR in the coming years. Although it is difficult to predict exactly when or how such a law may come to pass, the 2017 Equifax breach and more recent privacy concerns at Facebook are but two examples of incidents that will likely spur consumers to push for greater privacy protections, and legislators to answer that call. GDPR-liable or not, financial institutions should invest in ways to better protect customer data and privacy.
Those that do will not only be better prepared for existing and future regulation, but will also protect their reputations as trusted resources.

[1] eugdpr.org/key-changes.html
[2] iapp.org/news/a/will-the-gdpr-impact-you-4-hypothetical-scenarios-to-help-you-understand
[3] wp.nyu.edu/compliance_enforcement/2017/12/11/the-general-data-protection-regulation-a-primer-for-u-s-based-organizations-that-handle-eu-personal-data
