Addressing GDPR Compliance Needs for a US-based Financial Services Provider


I often wonder how many times we’ve said that we’d circle back on an issue only to forget about it, and eventually, the issue comes back to bite us.  Many technologists view GDPR as a problem that was solved on May 25th, 2018, similar to how the Y2K problem was put to rest on January 1st, 2000.  The assumption is that since the penalties for non-compliance are so massive that any company doing business in the EU must already have a solution in place. In actuality, what really happened leading up to 2018 is companies analyzed and evaluated their businesses and products and made determinations on their exposure to GDPR requirements.  Companies that were not dealing with end-user data checked the box that they were safe and moved on.  The underlying premise was the thinking that “we’ll deal with it later when the actual need arises.” There’s nothing wrong with this line of thinking as long as the need doesn’t blindside you. In the case of a large US based financial services provider, after four years that time came up rather quickly.

This financial services provider was faced with a situation where a European-based client made it a requirement that their data could not be stored outside the EU. Sure enough, the goal to eventually circle back was forced on them and they had to scramble to find both a hosting and content management partner to expand their footprint to the EU. At the time, this US based provider was only hosting data in North America, and they went down the path to evaluate hosting providers with EU facilities and experience. After evaluating the major cloud providers and content management platforms, they chose IBM’s cloud hosting service along with Systemware Content Cloud platform. With Systemware Content Cloud being container based and platform-agnostic, the service provider was able to quickly stand up new systems in IBM’s facility in Germany and in France and was processing data in near record time.

The moral of the story is that even though GDPR went into effect in 2018, for various reasons companies continue to be put into the position of re-evaluating compliance requirements for their content management needs. In the case of this company, their business, and requirements from 2018 changed substantially and now in 2022 they were forced to quickly rethink how to meet their new GDPR requirements. For companies that are reevaluating how they implemented their systems in 2018, Systemware is prepared to help.