Mortgage companies should take seriously
new data-protection efforts spawned by EU
Kathryne (Kate) M. Morris
Partner, Clark Hill Strasburger
President, Collabrian Design & Technology
Illustration by Paula Douglass
In the mortgage industry, compliance issues usually involve protections for
borrowers in terms of equal housing opportunities, as well as loan quality or
profitability. Typically, the industry focuses on compliance issues regarding privacy
and data protection only when there is a data breach.
A new European Union (EU) law could and probably will change that. The EU’s
General Data Protection Regulation (GDPR), as well as similarly inspired
legislative efforts in the U.S., are aiming to ensure businesses are transparent
and accountable for how they collect, process, disperse and use personal data.
Companies across the globe have changed their business practices to offer privacy
by default — and data protection by design — in response to GDPR, which went into
effect May 25, 2018.
The regulation covers, among other things, borrowers’ rights such as the right of
data access, erasure and portability. Failure to comply with GDPR could result in
fines of up to 20 million euros or 4 percent of the offending company’s annual global
revenue, whichever is higher. > > >