The Basel Committee’s BCBS 239 requires financial institutions to observe the principles set for risk data aggregation and risk reporting (RDARR). As a result, firms are focusing more on their IT architecture and on the use of data lakes to ensure compliance.
The Chinese Government announced the final version of a new national standard on personal information protection in January 2018. It lays out detailed regulations for user consent, as well as how personal data is collected, stored, and shared. The regulations were enforceable from May 2018. Although the impact is not yet clear, the regulatory text is expected to contain more stringent requirements for sharing personal identity information than those of the GDPR.
The state of California has passed a bill on privacy and protection of personal data, which is similar to EU regulations. The rules will come into effect from 1 January 2020. The law mandates that companies inform their customers of what personal data they have collected, why it was collected, and what categories of third parties have received it. Consumers will also be able to ask companies to delete their information and refrain from selling it.
The self-sovereign identity framework (SSIF) is fast emerging as the next disruptive development around distributed ledger technology (DLT). The SSIF aims to give individuals full control of the storage, retrieval, access, and disposal of their personal data. In the wake of regulations such as GDPR and PSD2, the initiative is assuming greater importance. In the Netherlands, Accenture, APG, Brightlands, Chamber of Commerce, De Volksbank, Rabobank, and TNO are developing an SSIF under the public-private Techruption Blockchain Project. The SSIF will create, validate, and revoke SSIs that can be used in conjunction with blockchain technologies and the (disruptive) applications that are enabled by such technologies. The goal is to specify, validate, and ultimately build a trustworthy, open digital infrastructure for SSIs that is secure, decentralized, open source, and supports privacy, including GDPR requirements.