Rabobank working with IBM to make sure data is GDPR ready

Rabobank is working with IBM to help comply with new financial regulations in the EU.

The Dutch multi-national bank and financial services company said is working with IBM to use cryptographic pseudonyms on its client’s personal data.

Later this year, the General Data Protection Regulation (GDPR) will look to create a harmonised data protection law framework across the EU. The regulation aims to give citizens and residents back control of their personal data, imposing strict rules on those hosting, moving and processing this data.

With a month to go, Rabobank said it is addressing GDPR compliance across a number of activities. With IBM Services and IBM Research, the bank has cryptographically transformed terabytes of its client data, including names, birthdates and account numbers, into a desensitised representation – meaning.

Pseudonymization enhances privacy by replacing most identifying fields within a data record by one or more artificial identifiers, or pseudonyms, i.e. replacing a real name with a fictitious one. For GDPR the data is also processed so it can no longer be attributed to a specific data subject without the use of additional information.

Rabobank and IBM Services have been running the project for the past year. Multiple key applications and platforms have been pseudonymized, including the current bank account and savings systems on mainframe, Linux, Tandem and Windows platforms.

“IBM analytics software combined with our cryptographic desensitisation engine achieves pseudonymisation by converting the data into individual hash-based token keys which are completely impermeable today and in the future, even from a fault-tolerant quantum computer many years from now,” said Michael Osborne, cryptographer, IBM Research. “This research is now a commercial technology available to address multiple compliance legislations, cross industry, around the world.”

Earlier this year, Automation Anywhere, a enterprise software provider in Robotic Process Automation (RPA),  announced that its platform is compliance-ready with GDPR. The company’s client roaster includes Rabobank, along with Google, LinkedIn, Mastercard, ANZ, ING, the World Bank, KMPG, PWC and Accenture, among others.

 

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.