Blog article
See all stories »

Can payments firms monetise data and meet new privacy laws?

The EU’s General Data Protection Regulation (GDPR) represents a watershed moment for the payments industry. This is not simply another data compliance headache. GDPR enshrines a new idea: that consumers have ultimate control of their data.

 This concept will lead to a new model for the payments industry; one centred on the empowered customer and based on informed consent.

The impact on the payments industry

 Payments industry businesses – from merchants to the financial services organisations that support them – are increasingly looking at how they can monetise their customer data.

Some adopt direct monetisation models, selling their customer data to third parties, whereas others indirectly monetise customer data through analysing payments history to drive up- and cross-sell of new services.

Much of this data is unfortunately anonymized given it is personally identifiable information (Pii) and there is a lack of customer knowledge and/or permission for use. As such it has essentially been stripped of a fair amount of its utility to directly personalise and make offers more customized and relevant.

Either in aggregated form or linked to an individual, how can firms continue to monetise data and also meet the privacy demands of GDPR?


Putting the customer in control

The challenge can be met through informed consent. Firms must take a customer-driven approach to information sharing, empowering the consumer to share and rescind their consent.

It is not enough to simply ‘ask’ for consent. Organisations must capture gained consent in an auditable workflow. This requires a sophisticated information management platform; one which enables an automated and secure digital communication link with the customer.

Once consent is secured, payments industry businesses then need a flexible, secure platform to store and manage the data in customer-driven way. One way firms are looking to build this framework is through digital rights management services that create a digital ‘vault’ for customers to store personal data.

This approach enables simplified and streamlined Data Portability and the Right to be Forgotten; empowering customers and meeting the stipulations of GDPR.


A new model for a changed world

While GDPR is a significant enabling event for the rollout of consent-driven data management, it is a symptom of a wider change. The sharing, and peer-to-peer economies are already shaking up the world of commerce and changing the payments landscape for good. At the same time people are becoming more aware of their personal rights over their own data.

Payments businesses can’t take anything for granted any more. They must proactively enable a customer-driven and customer-centric data framework and provide customers with the tools they need to view and manage their own data. The result will be GDPR compliance, a much better customer experience and a new method for building customer loyalty. It will also mean they can continue to monetise their data. 



Comments: (0)

Stuart Lacey

Stuart Lacey



Member since

20 Nov 2014



Blog posts


This post is from a series of posts in the group:

Financial Services Regulation

This network is for financial professionals interested in staying up to date on financial services regulation happening anywhere in the world. CFOs, bankers, fund managers, treasurers welcome.

See all