GDPR: Asian banks streamline operations to ease compliance

Author: Karry Lai | Published: 5 Mar 2019

Almost a year after the EU’s General Data Protection Regulation (GDPR) came into force, in-house counsel have told IFLR that lax standards in Asia make it challenging for organisations to meet the high regulation’s high standards. Some are making structural amendments to ensure EU branches are dealing with EU clients.

Most globally active banks will have implemented robust GDPR compliance frameworks well in advance of the regulation’s May 2018 implementation date. However, that may not be the case for all banks in Asia, said Rebecca Terner Lentchner, head of government relations and public policy APAC, BNY Mellon.

By some estimates, under 12% of Asia Pacific-based firms were fully ready for GDPR last May. "The biggest challenges arise from the extraterritorial nature of the GDPR, Asian firms’ lack of familiarity with European regulatory adherence, and the stiff penalties for noncompliance, including breach notifications," said Lentchner.

Additionally, the...