With the European General Data Protection Regulation (GDPR) finally coming into effect on May 25, 2018 after years of negotiation and preparation, financial services companies are facing a major challenge that goes beyond the consequences of a breach or
the right to be forgotten. These are obviously major considerations given that they have been written into law, but what about maintaining the high level of personalization that customers have come to expect from their banks and brokers?
Could it be that GDPR is actually good for personalization? At a point when GDPR compliance demands that you stop collecting customer data without consent and PSD2 (Revised Payment Service Directive) requires that you open up your data to third parties via
APIs, data best practices are changing rapidly and for the better – at least when it comes to improving the customer experience.
In theory, customers will have a better experience by default if they’re comfortable with the scope of data they share with their bank or brokerage, who they likely already trust more than other vendors given the sensitive nature of the personal information
one must share to open and maintain an account. As a result, Financial Services firms are potentially more likely to receive explicit customer consent, so they can and should take ‘ownership’ of the data and make sure third-party access through an API is equally
compliant and respectful. Reputations are hard won, but easily lost if data is misused.
In practice, here are some areas where the GDPR impact on financial services companies will provide an opportunity to exceed customer expectations, optimize personalization and mitigate risk:
Data privacy as a differentiator: Don’t treat GDPR as a formality when you can leverage it as a differentiator. Whether you’re targeting Gen Z, Baby Boomers or any generation in between for GDPR opt-ins, privacy is a major consumer concern, so don’t be shy
about your compliance efforts and data stewardship.
True 1:1 personalization: With explicit consumer consent and unprecedented transparency around shared data, marketers within your firm can unlock true 1:1 personalization in CRM, contextual and behavioral targeting for those who have opted in.
‘Privacy by Design’ to increase trust: GDPR mandates data privacy in every service you provide, and security is among any customer’s biggest digital concerns. Employing a ‘Privacy by Design’ approach across the enterprise puts security at the forefront, increasing
consumer trust and mitigating risk.
Data governance transformation: ‘Privacy by Design’ also has major implications for data governance, and Chief Digital Officers should be celebrating as they now have the role of ensuring privacy- and consumer-centric data governance across the entire enterprise.
The days of collecting data and storing it with no purpose are finally over!
Modules to manage consent and preferences: Customers can own the experience at the highest level when you implement a preference and consent management dashboard to give them further control over how their data is used for personalization, offers, targeting
and more.
Short-term, need-to-know data storage: Under GDPR, enterprises have a limit on how long they can store customer data and a requirement to pseudonymize or anonymize data they collect. These built-in, mandated layers of protection for consumer data greatly reduce
the value of the bounty of a data breach.
Complying with GDPR, PSD2 and other data-directed regulations is an ongoing effort, and so is building a consumer-centric data privacy platform that enables personalization, even in scenarios where you don’t have a 360-degree view of the customer.
So, as you plan for the future and build for tomorrow, you can take solace in the fact that it likely won’t be long before a similar regulation hits the US and APAC. Be prepared and take action now to make sure your infrastructure is ready to run, not crawl,
and that your business is thinking about how to protect and leverage data toward differentiated, personalized customer experiences.