Speaker 1: The impact of GDPR on financial data spaces the General Data Protection Regulation. GDPR is a comprehensive data protection framework enacted by the European Union, EU. It was designed to strengthen and unify data protection regulations for individuals within the UE. The GDPR has had a significant impact on various sectors, including financial data spaces. In this tutorial, we will explore the direct and indirect effects of GDPR on financial data spaces, with a focus on how European regulations are shaping the landscape of financial data management. Data subject rights. One of the key provisions of GDPR is the enhanced rights it provides to individuals regarding their personal data. Under GDPR, data subjects have the right to know how their data is being processed and have the power to request access correction and deletion of their personal information. This has significant implications for financial data spaces as organizations need to ensure they have robust mechanisms in place to respond to these requests. Data Protection Impact Assessments, DPAs, DPR, requires organizations to conduct DPIAS for processing activities that are likely to result in high risks to individuals' rights and freedoms. Financial institutions and other entities operating in financial data spaces need to conduct these assessments to identify potential risks and implement appropriate measures to mitigate them. DPIAS help ensure that data processing activities within financial data spaces adhere to GTRI's principles of privacy and security. Lawful Basis for Processing. Another important aspect of GDPR is its requirement for organizations to have a lawful basis for processing personal data. Financial data spaces that process personal data must identify a lawful basis for processing such as consent, contractual necessity, legal obligations, legitimate interests, or public tasks. This ensures that organizations have a legal basis to process personal data within financial data spaces and that individuals' privacy rights are protected. Data Breach Notification. GDPR mandates organizations to report data breaches to the relevant supervisory authority within 72 hours of becoming aware of the breach. Financial data spaces are particularly vulnerable to data breaches given the sensitive nature of the information they handle. Organizations operating in financial data spaces need to have robust data breach response plans in place to ensure timely reporting and mitigation of breaches. Cross-Border Data Transfers. GDPR sets strict requirements for cross-border transfers of personal data. Organizations transferring financial data across borders need to ensure that the recipient country has an adequate level of data protection or implement appropriate safeguards to protect individuals' privacy rights. This requirement impacts financial data spaces with global operations as they must ensure compliance with GPRE's cross-border transfer provisions. Data Protection Officers, DPOA. Under GDPR, certain organizations are required to appoint a Data Protection Officer, DPO. DPOs are responsible for ensuring compliance with GDPR and advising on data protection matters. Financial institutions and entities operating in financial data spaces need to evaluate whether they are required to appoint a DPO and ensure that the DPO has the necessary expertise to fulfill their obligations. Penalties and Fines. GDPR introduced significant penalties and fines for non-compliance. Organizations found in breach of GDPR can face fines of up to EUR 20 million or 4% of their global annual turnover, whichever is higher. Financial institutions and entities operating in financial data spaces need to ensure they have robust data protection measures in place to avoid penalties and reputational damage. Overall, GDPR has had a profound impact on financial data spaces. The regulation has introduced a stronger framework for data protection empowering individuals with more control. Over their personal data, financial institutions and other entities operating in financial data spaces need to adapt their processes, systems, and policies to ensure compliance with GTRE's requirements. By doing so, they can foster greater trust in their operations and uphold individuals' privacy rights in the increasingly digitized financial landscape.