We’re looking forward to welcoming compliance specialist Adam Baldwin to the speakers’ roster at #RISK London this autumn.
Adam is Head of Functions and Business Engagement at BNP Paribas, where he leads a team of lawyers and experienced business professionals. He is responsible for managing the bank’s various eBanking applications and services, identifying and addressing all legal, regulatory and compliance issues.
In today’s data-driven economy, data processors are under increasing pressure to reduce the amount of information they hold, thereby driving efficiency and compliance while mitigating risk.
We spoke with Adam about his career so far and to gain insight into the strategies businesses are employing as they bid to streamline data estates.
Could you outline your professional journey?
I began my career at Allen & Overy, where I trained as a solicitor in their London and Paris offices. I secured secondments at eBay and PayPal, which opened my eyes to the tech space, particularly the expanding world of fintech.
Building on this interest, I moved to the IP & Technology team at Slaughter and May, supporting various financial institutions and disruptors. Since 2016, I have worked at BNP Paribas, initially as a lawyer in the IP & IT Team with a focus on their digital banking offerings.
Expanding on this remit, I took up a hybrid role as Head of Functions and Business Engagement, with a team focussing on the interplay of the various business lines and controlled functions within the bank, such as Legal, Compliance and Risk.
What are the primary motivators for businesses to minimise the data they hold?
When Clive Humby proclaimed that “data is the new oil” back in 2006, businesses across all industries extracted as much data as they could in anticipation of potential value. However, in 2022, sitting on an oil well of data does not seem such an attractive concept, with four key motivators now driving a shift to minimisation:
Data attracts risk. Sensitive data attracts greater risk. Data breaches and cyberattacks are on the rise, with data often the target. With global data protection and cyber security laws expanding and being enforced with rigour, businesses want greater visibility on the data they hold and removal of unnecessary risk.
We have found data minimisation helps product and development teams focus their efforts and structure their product lifecycle. We have seen that narrowing data collection and progressive data management have increased product efficiency and helped ensure global compliance of our suite.
Customer feedback and a shift to privacy is incentivising products and services that operate with minimal data.
Data storage results in a cost, be it the direct storage costs or the extra FTE in managing a larger dataset.
What technologies should businesses be embracing to effectively automate data minimisation?
An effective CRM system is the most important technology that businesses should be embracing. The entry point to the organisation is where the initial investment should be focussed; we only want clean and valuable data entering the organisation.
Many systems now provide tools to automate data minimisation and set policies that align with the business, including defining collection parameters, automated verification and screening, progressive data management and strategic deletion.
With existing data sets, technologies are also available to audit and review. In particular, tools can help mask personal data, which can prove effective in retaining personal data but removing some of the associated risks.
What challenges do organisations face as they bid to improve the effectiveness of data minimisation and galvanise compliant and safer data processing behaviours?
Large organisations with particularly complex datasets face a large hurdle in implementing data minimisation. Data is often poorly organised, inherited from various sources or acquired as a result of M&A.
We observed in 2018 many organisations simply had to hit the reset button on their datasets, with no realistic hope of ensuring GDPR compliance without seeking fresh lawful basis for processing personal data of their customers.
This has a massive cost implication, which is still the largest challenge most organisations face, especially in this current cost-sensitive environment. It is a hard task for Risk professionals to justify the time and expense of a new data strategy (without tangible profits of cost-saving) to their Board.
However, with large fines continuing to be issued globally, both under the GDPR and other local regulation, we can point to genuine threats to help justify the need for safer data behaviours. Simply put, you don’t want your organisation to the be on the list of record fines for 2023!