Mike Wake, Head of Data Management, SAS UK & Ireland
Industries worldwide are facing a shake-up with the introduction of the EU’s General Data Protection Regulation (GDPR). However, for the financial services sector, this is yet another piece of legislation to add to the list. The difference is that this time the customer is in the driver’s seat. Nearly half of UK adults intend to activate new personal data rights and 15 per cent intend to activate new rights come May 2018 when the law comes into effect across the region, according to research we recently carried out.
More specifically, 32 per cent of people plan to exercise their rights to access personal data held by their banks and 29 per cent will do the same with their insurance companies. For banks already trying to balance the introduction of digitisation alongside ever-evolving regulation, GDPR means having to service an additional request or fail to comply.
The problem then becomes a question of efficiency and staffing. If staff must focus on requests about customer data, then banks and finance companies need to be thinking about how they can support them in this new function. These organisations must also consider how to plug the staffing gap. If existing teams are to work successfully, banks must analyse their needs and establish what the important priority areas are prior to GDPR coming into play. Without well-defined plans, many finance companies will fail to protect and report on personal data – running the risk of default and costly fines.
Technology can go a long way to helping companies access, identify, govern, protect and audit personal data. However, no single vendor can solve all the issues related to GDPR. That is because it isn’t just about the tech; it is about creating a culture around compliance. Setting out clear policies and communicating these to staff so they can act in a different way once GDPR is formalised is key to changing attitudes towards data and privacy.
Despite the arduous work of changing established processes, investing in new people, new technology and mitigating the hefty fines that come with GDPR non-compliance, there are also opportunities for competitive advantage and greater profitability.
Complying with GDPR legislation means working more closely with your third-party suppliers to process sensitive data. Essentially, those external support firms using personal data from banking customers can put those organisations at an increased risk. However, financiers can use this as an opportunity to deepen partner relationships. As a first step, the requirement for vendors to assist in complying with GDPR regulations should be written into agreements. This approach provides an opportunity to truly understand how your partners are using personal data to deliver services.
By default, GDPR also brings with it better management of data – the crux of successful customer interactions in the finance sector. Better data management can boost productivity within antiquated banking structures for improved collaboration and greater efficiency. If organisations can manage the data better, then they are better placed to analyse it and benefit from the insights. In addition, a more thorough understanding of the IT landscape, such as current systems and data silos, allows all financial institutions to use data more efficiently to plug gaps with the necessary resources.
Transparency also has other benefits. Enabling customers to have a say in how their data is used is particularly empowering. Financial services go from being a spectatorship to being participatory – empowering individuals to better understand how their data is being used. Transparency is the first step to building stronger relationships and increased trust with customers in an industry flooded with doubt and disbelief.
Transparency in private data use also reduces scrutiny from financial regulators. As an already heavily regulated industry, financiers undergo close examinations of their businesses. GDPR will go a long way to quelling some of the surveillance that currently exists.
There is no doubt that the introduction of GDPR is going to be a long and painful process that will likely incur some heavy fines in the early stages of implementation. Once it is in place, successful compliance will almost certainly provide competitive advantage and business opportunities, leading to cross-functional tasking with customer engagement at the helm.