
Open banking and the legal right to be forgotten

Open banking rests on enabling customers to consent to, and control, a third-party relationship involving their data and transactions. The ability to help the customer manage this relationship is key for the bank. The customer has the right to terminate a third-party relationship at any time and request to be forgotten.

The legal right to be forgotten becomes law with GDPR in May 2018. The law gives individuals the right to have their data returned with no copies kept. This means banks and third parties need to remove all data they are holding on that individual and be able to demonstrate that all the records have been deleted.

The good news for banking is that open banking is neoteric. The bad news is that banks have a culture of believing that, once the immediate transaction has been completed, the data used has little value, and of treating it as such. I’m sure we have all experienced the need to give banks details on ourselves when we know they have this information but the bank cannot find the data quickly.

Most banks started with one service and then added new ones, and eventually designed business silos, e.g. cards using homegrown technology. As groups within the bank collaborated with each other for regulatory and business requirements, data were duplicated, triplicated and quadrupled. To help solve this issue many banks have created data lakes, which in turn have been duplicated and now resemble data swamps. The PPI saga in the UK is expected to cost the FSI £35 billion and is an indicator of how loose the governance of data surrounding this product has been. Deleting a customer’s data is not going to be easy, as it is replicated in many parts of the business.

Today technology has grown in leaps and bounds and needs to be used in open banking, especially for the consent and control of data. Each customer needs an electronic file in which they can see and update their own information. Self-service is now a banking tenet; after all, when was the last time an attendant filled your car at the pumps? Once the customer has all the information, should they choose not to continue with that third party, they know what they have given to them and can request to be forgotten.

The bank now has one source of the truth, the customer, and their activities on behalf of the third party can be posted to that file or platform. Upon termination the bank can return the electronic certificate, or encrypt the data and give the decryption key to the customer. These actions can be shown to the regulator, if need be.

The technology is there, and with open banking there is a need to ensure that a fully transparent and comprehensive view of the data is available both internally and externally. Culturally there needs to be one source of the truth, easily accessible and in such a position that it can be deleted upon request.

Open banking can become the new leading-edge model of data handling for the financial services industry. It may initially cost 10x that of the yearly homegrown data compliance processes of today, but think what we can do with accurate, customer-led information, stored once, with customers having the legal right to be forgotten.


