GDPR, MiFiD II and the role of hybrid cloud

cloud over buildings

How regulations such as MiFiD II and GDPR will affect businesses, and how the hybrid cloud will be crucial to the solution.

This year is notable for the regulations set to have a massive impact on how companies manage their data.

In particular, MiFiD II and GDPR. Both require a major step change in the way data is stored and managed. Becoming compliant is a big challenge – and it’s one in which the cloud will play a crucial role.

What they say

MiFiD II (Markets in Financial Instruments Directive)

Anyone involved in the advice chain will have to keep a full record of all communications with a client which might influence a trade. Given the sheer number of different forms of electronic communications traders use these days, that could become a logistical challenge.

To comply with the regulations, traders will have to ensure that any message can be retrieved over time, along with a confirmation of the time and date at which that message was sent. That data in itself will have to be held securely.

GDPR (General Data Protection Regulation)

On 25 May 2018 the EU’s major directive on data management will come into force. It will place stricter demands on businesses to ensure they make all reasonable provisions to safeguard the integrity of data. It will also make a clearer determination about who is responsible for the management of data.

Fines for breaches of the most important provisions could reach €20million or 4% of turnover, whichever is greater. For lesser breaches, authorities could impose fines of up to €10million or 2% of global turnover.

What the new rules mean

Both will have major implications for the hybrid cloud and any organisation which uses them.

The first is data storage. To Comply with MiFiD II, companies will need to provide complete records of any communication with a client which was relevant to trades going back five years.

Many will naturally assume that their cloud provider will store all transactions, but this is not always the case. Managers will have to switch to a platform which has the capacity to store information long enough to comply with requirements.

They will also have to bring data from multiple apps into one location. Traders naturally work across a number of different devices – from PCs to laptops, tablets and smartphones, but these might not always have the ability to transfer the data.

A good hybrid cloud platform can bring messages from all connected devices and hold them in one easily retrievable location. Traders will also have to agree not to use any devices which cannot store messages for work purposes.

Getting GDPR-fit

As for GDPR – this could have a major implication for all parties – both those who use cloud platforms and those who supply them. All data will need to be securely managed to GDPR-compliant standards.

Users will need to know the location in which the cloud services are based and that each one they use is GDPR-compliant. You should also ensure that the minimum personal data necessary is processed by any single app.

Using the cloud

Technology is changing rapidly, shaping regulations and the way businesses operate. The aim of GDPR and MiFiD II is to ensure the rules are fit for this new environment. To ensure a company remains compliant, the executive team will have to take ownership of data – taking it from a function of the IT Department to a key plank of strategy.