Indian banks and financial institutions are well prepared to adhere to the provisions of GDPR, feel Akhilesh Tuteja, head of risk consulting, and Kunal Pande, partner for IT advisory, at KPMG India. They say in an interview with Banking Frontiers: “While financial services sector is highly regulated, there could be possible impact on these institutions, especially since most of them have global operations.
They are also of the view that because of the regulated nature of financial sector in India, most of the banks have strong cyber governance mechanism which can be significantly leveraged to be compliant to GDPR. “But, certainly banks and financial services institutions in India would be required to go for data protection assessments to dig out the risk hidden in respective processes within their environment. Such privacy impact assessments concerning personal information can usher to sectorial reforms in policies pertaining to protection of personal information within the banking and financial services sector. Besides, the industry needs to figure out processes and develop mechanisms to address requests from individuals which are based on their rights under GDPR,” they say.