Having reached the one-year anniversary of the General Data Protection Regulation (GDPR), we can begin to assess how the past year has marked a transition to a new data protection regime and what the consequences have been for digital banking.
Although the legislation has no doubt resulted in a more demanding regulatory landscape, many of the initial fears – for example maximum penalties for data breaches – have not materialised and the regulation has largely been well integrated into the financial services sector.
But an increasingly digitised banking sector is more dependent than ever on consumer trust, notably with the advent of open banking, making data privacy and cyber security all the more critical to get right. In that context, opportunity has clearly emerged in five key areas as a result of the GDPR and the rise of the data protection imperative.
1. GDPR provides a first-mover advantage internationally
The GDPR has further improved the already high standards of European financial firms in the handling of customer data and helped foster greater confidence in financial institutions as a result. This has also provided a useful example for other countries that are similarly looking to integrate further data privacy and protection measures into their financial systems.
With jurisdictions such as California, Brazil and India looking to adopt laws offering similar protections to the GDPR (such as California’s Consumer Protection Act), UK banks and fintechs have raced ahead of the pack internationally. This is likely to have a global impact – feeding into standards being evaluated around the world and encouraging the growth of digital banking, driven by high levels of consumer trust in technology and data protection.
2. GDPR promotes open banking and consumer power
The GDPR pushed compliance to strengthen data handling practices and security procedures and, in doing so, also emphasised customer control of personal data, shifting power towards consumers. At the same time, open banking had just come into effect, opening the way for a host of new digital banking products and services from non-traditional providers.
Under the GDPR, consumers can choose which providers have access to their data, the extent of the information shared and the time period for which the data can be accessed.
The twin push of GDPR and open banking puts digital banking customers in an enviable position, allowing them to not only better protect their data but also to willingly share data with third parties and fintech providers offering innovative services.
As more open banking products and services are launched and the benefits of data-sharing to access these innovative new tools become ever more apparent, the control and protection from the GDPR could help drive consumer adoption of open banking services even further.
3. Strategy driven by data protection and cyber security
Public discussion about the GDPR has helped reinforce data protection as a central issue in financial services. Indeed, boards and executives understand the value of data to businesses and consumers, and the extent to which data protection is a prominent issue in society.
With data privacy and security now often identified as a leading concern for boards, business leaders have become increasingly sophisticated in how they think about data. For many firms working in financial services, the GDPR is more than simply an addition to the regulatory toolkit; it is a genuine strategic advantage. Integrating data protection into core development strategies means that bolder and more innovative decisions can be made. Any observer of the financial services sector can see that banks are innovating more than ever before – a testament to their ever-increasing technological and data expertise.
4. Realising the benefits of ethical data
Technology, consumer protection laws and increased competition have empowered consumers, and many – especially millennials – take ethics into consideration when looking to purchase new goods and services. This focus on ethics has also been reflected in the business community, with firms committing to corporate social responsibility and taking a close look at environmental, social and governance issues in their supply chains and investments.
In this environment, maintaining an ethical approach to data is a significant advantage. Given that financial institutions are the gatekeepers of sensitive customer data, they have rigorously complied with the GDPR and made the ethical handling of data a priority, as evidenced by the publication of data ethics frameworks by numerous firms. The result is a succinct and easily comprehensible data policy that consumers can engage with – which keeps customers happy while boosting corporate reputation.
5. Compliance drives digital defence
With hackers and malicious actors online becoming increasingly sophisticated, most organisations operating in financial services will know that it is a case of when rather than if a data breach happens.
Any hack or cyber breach certainly runs the risk of having damaging consequences, but the reputational impact depends to a large extent on how such a breach is handled. The GDPR has reinforced banks’ data processes and the procedures to follow in the event of a breach, which could prove vital in stemming reputational loss and demonstrating robust practices to the regulator.
In the age of digital banking and open banking, the GDPR acts as another line of defence – helping to ensure the survival of banking platforms operating online.
One year on from the GDPR taking effect, banks and fintechs have overall had the resources and expertise to turn regulatory compliance into an asset. Whilst concerns may still exist around what is undoubtedly a stringent compliance process, and issues still arise in how this interacts with business processes and decisions, it has clearly also created opportunities for innovation, differentiation and strategic advantage in an ever more competitive marketplace.
This article was first published by World Finance