May 2018
Banking on GDPR – in simple terms
Written by Paul Maher
The global financial services industry is undergoing a data-driven facelift. As Charles Dickens’ novel “A Tale of Two Cities” almost said, for banks GDPR is ‘The best of times and the worst of times’.
The best of times, because it is brimful of new opportunities to become a true provider of lifestyle-changing services to customers. The worst, because unless banks make a choice between securing and not securing data stored in legacy technology, FinTech companies and aggressive competitors from Silicon Valley will affect market share, not just force bank branch closures.
Of course, ensuring data confidentiality is a worldwide issue for businesses. Now though, as we saw with the Facebook and Cambridge Analytica scandal, governments, regulators and ordinary citizens take data privacy more seriously than ever before.
GDPR will have a direct impact on day-to-day operations for banks, and some believe it contradicts the Open Banking (PSD2) regulation launched in January. PSD2 makes things even more serious, because it forces banks to open up their archives on customers’ spending data. The idea is to offer customers a better banking experience, on par with what they have come to expect from Amazon and Uber.
On the other hand, GDPR forces banks to ensure the privacy of the data they are holding for their customers. They will need to show consumers they are handling customer data securely and are able to erase customer data when customers exercise their right to be forgotten. If banks do not comply, they will incur substantial fines, which could be as high as $20 million.
On top of that, regulators are now able to call for ad-hoc reports, in addition to the regular quarterly and annual ones. Currently, the complex IT structures found within banks do not help them provide ad-hoc reports, and some banks do not have complete visibility, meaning they are unsure if their data is confidential. Clear, quality reporting is based on three things: data quality, quantity and the actionability of the insights provided in the reports.
How can banks manage not only compliance, but excellence, in a short period of time?
Positive Marketing, with its experience working with its Financial Services clients and GDPR, advised on and then broadcast SunTec’s message on GDPR. Positive helped SunTec create an alternative point of view, in which it argued that customers will also need to be responsible for GDPR and understand, in simple terms, what data they are providing to banks and how financial services firms will be using their data.
In the blogs created by Positive, we also discussed at a technical level how SunTec can help banks make the most of GDPR. The content showed how data management could improve if banks were able to add a middle layer to their IT systems that would wrap around all the core IT systems that hold most customer data, condensing all systems of record into one layer. It can also bring extra benefits, such as providing new insight which could improve revenue, widen profit margins and ensure efficiency.
If banks can see that GDPR provides plenty of opportunities to get closer to their customers, 2018 might be the year that consumer trust peaks for the sector.