As much as in any area of regulation, the General Data Protection Regulation reflects an effort by the European Union to lead the conversation on the subject of data protection and data privacy. The stated aim goes beyond harmonization and talks of GDPR as an “Essential step to strengthen citizens’ fundamental rights in the digital age”. As such, the EU is shaping up to implement a strict data privacy regime, with far-reaching implications for customer service and a huge amount of preparatory work in terms of compliance (see below).
The GDPR will bring in the requirement to confirm explicit and unambiguous consent from customers about what a financial services institution wants to do with their data. There are also a number of rights which are enshrined in GDPR. These include the right of the individual to be forgotten, the right to be notified after a security breach, the right to data portability and the subject access request, whereby the individual can ask of a data controller or processor what data is stored on them and why.
The level of understanding about GDPR across the European financial services industry is mixed, and many are unfamiliar with the regulation. But the penalty for non-compliance will be up to 4% of global annual turnover or €20 million, whichever figure is higher. This alone should be enough for all financial services institutions to take note and prioritize the GDPR. They have until May 2018 to comply, so they should start preparing without delay.
Customer service implications
Customers may come to see it as a chore to be asked frequently for consent, which must now be time limited and for specific purposes, so that financial partners can use their data. Alternatively, individuals could become more selective with their data. Consumers could start to get a feel for the monetary value of the access they grant to their financial services partners. Meanwhile, the degree of personalization financial services institutions can offer is likely to be impacted by the restrictions in the regulation.
So, certain avenues could be closed off by GDPR, and financial services institutions will have to re-imagine how they can differentiate themselves, how they can build loyalty in a world where profiling is harder and data is portable.
If you are an end user and would like to learn more about this topic, our IDC Financial Services Forum in October will be discussing it in more detail, and is free to attend. Join IDC and industry experts on October 11, 2016. Thomas Zink, Associate Research Director for IDC Financial Insights, will be conducting the show.