Having reached the one-year anniversary of the implementation of the General Data Protection Regulation (GDPR), we can now begin to assess how the past 12 months have marked a transition to a new data-protection regime and what the consequences have been for digital banking.
Although the legislation has no doubt resulted in a more demanding regulatory landscape, many of the initial fears – for example, maximum penalties for data breaches – have not materialised. Furthermore, the regulation has largely been well integrated into the financial services sector.
But an increasingly digitalised banking sector is more dependent than ever on consumer trust, notably with the advent of open banking, which makes it all the more critical to get data privacy and cybersecurity right. In that context, opportunities have emerged in the five key areas listed below as a result of the GDPR and the rise of data protection.
1 – The first-mover advantage
The GDPR has further improved the already-high standards of European financial firms in the handling of customer data, and has helped foster greater confidence in financial institutions as a result. This has also provided a useful example for other countries that are looking to integrate further data privacy and protection measures into their financial systems.
With jurisdictions such as California, Brazil and India looking to adopt laws offering similar protections to the GDPR (such as California’s Consumer Protection Act), UK banks and fintech firms are leading the international pack. This is likely to have a global impact, feeding into standards being evaluated around the world and encouraging the growth of digital banking, driven by high levels of consumer trust in technology and data protection.
2 – Promoting open banking
The GDPR pushed compliance to strengthen data handling practices and security procedures. In doing so, it also emphasised customer control of personal data, shifting power towards consumers. Open banking, which paved the way for a host of new digital banking products and services from non-traditional providers, had just come into effect at the time of the GDPR’s implementation.
Under the GDPR, consumers can choose which providers have access to their data, the extent of the information shared, and the time period for which the data can be accessed. The twin push of GDPR and open banking therefore puts digital banking customers in an enviable position, allowing them to not only protect their data, but also to willingly share that data with third parties and fintech providers that offer innovative services.
As more open banking products and services are launched and the benefits of data sharing become ever more apparent, the control and protection from the GDPR could help further drive consumer adoption of open banking services.
3 – Creating opportunities for innovation
Public discussion about the GDPR has helped reinforce data protection as a central issue in financial services. Indeed, boards and executives understand the value of data to businesses and consumers, and the extent to which data protection is a prominent issue in society. With data privacy and security now often identified as a leading concern for boards, business leaders have become increasingly sophisticated in how they think about data.
For many firms working in financial services, the GDPR is more than simply an addition to the regulatory toolkit: it is a genuine strategic advantage. Integrating data protection into core development strategies means that bolder and more innovative decisions can be made. Any observer of the financial services sector can see that banks are innovating more than ever – a testament to their increasing technological and data expertise.
4 – Realising the benefits of ethical data
Technology, increased competition and consumer protection laws have empowered customers, and many of them – especially Millennials – now take ethics into consideration when looking to purchase new goods and services. This focus on ethics has also been reflected in the business community, with firms committing to corporate social responsibility and taking a closer look at environmental, social and governance issues in their supply chains and investments.
In this environment, maintaining an ethical approach to data is a significant advantage. Given that financial institutions are the gatekeepers to sensitive customer data, they have rigorously complied with the GDPR and made the ethical handling of data a priority, as evidenced in the publication of data ethics frameworks by numerous firms. The result is a succinct and easily comprehensible data policy that consumers can engage with – which is good for keeping customers happy, as well as boosting corporate reputation.
5 – Driving a digital defence
With hackers and malicious actors becoming increasingly sophisticated, most organisations operating in financial services will know that it is a case of when, rather than if, a data breach will occur. Any hack or cyber breach certainly runs the risk of having damaging consequences, but the reputational impact depends, to a large extent, on how such a breach is handled.
The GDPR has reinforced banks’ data processes and the procedures to follow in the event of a breach, which could prove vital in stemming reputational loss and demonstrating robust practices to the regulator. In the age of digital and open banking, the GDPR acts as another line of defence, helping to ensure the survival of banking platforms operating online.
One year on from the GDPR taking effect, banks and fintech firms have the resources and expertise to turn regulatory compliance into an asset. While concerns may still exist around what is undoubtedly a stringent compliance process, and issues still arise in how this interacts with business processes and decisions, it has clearly also created opportunities for innovation, differentiation and strategic advantage in an increasingly competitive marketplace.
Author: Brian Craig, Legal Director at TLT
Article featured by World Finance