The EU’s new data rules came into effect on 25 May. Now banks will have to wait and see how their customers respond. But who’s to win big and who’s to lose big in this brave new post-GDPR world?
The largest overhaul of data protection regulation in the EU has just come into full force with the implementation of the General Data Protection Regulation (GDPR). For a quick recap, GDPR gives more say to people about what companies can do with their information, and strictly regulates how customers give and take back consent to their data being used. It applies to every single company handling EU citizens’ data. Yes, even if they’re located in the US or Asia.
Alas, the much-dreaded deadline for preparations has now passed, and we have yet to see if and how companies have managed to fully comply with GDPR. The stakes are rather high: organizations are facing heavy fines of up to €20 million or 4% of global turnover (whichever is higher) for non-compliance. But it seems like many of them still haven’t done their homework.
In a survey carried out just a few weeks before the big day, Capgemini found that 51% of banks were largely or fully prepared for GDPR, while 49% were still lagging behind or were only partially compliant. This is quite surprising, considering that of all industries, banking is expected to be the most severely affected. Why? For starters, financial institutions handle a ginormous amount of customer data, including some very sensitive information.
And that’s not all. GDPR also affects how banks develop new products, recruit new customers or extend credit. It requires banks to carry out a privacy impact assessment (PIA) each and every time a new product is launched, and get explicit consent from customers for storing and using their data. Plus, GDPR allows clients to ask banks not to take any automated decisions using their personal information (for example, when applying for credit online).
Data privacy: who can you trust?
But what do customers expect from GDPR and how will they react now that the new regulation is upon us? To no one’s surprise, a recent report by BCG found that consumers view their financial information, like credit card data, as extremely private. What’s more startling, however, is that more and more customers think of basic information – such as name, age, gender or interests – as moderately or extremely private, too. What’s behind this? Customers are becoming more and more savvy about data collection, and less and less trusting of companies. Looking at different types of data is critical to understanding customer sentiment.
The silver lining? Experts all over the world agree that GDPR compliance can bring real benefits to businesses. Much of this comes down to trust: consumers who have faith in service providers when it comes to data privacy are also willing to spend more, according to Capgemini. Going beyond the basic GDPR requirements in data policies offers even more opportunities for strengthening customer relationships. And if there’s one thing that Facebook’s data scandal has taught us, it’s that data privacy concerns are not something anyone can afford to shrug off.
To win trust, companies must actively engage with customers about their data policy changes under GDPR, BCG says. It’s important to let clients know that you’re on time with GDPR compliance and make your key data use principles public. Actually, many financial services firms ticked this off their GDPR to-do list well before 25 May by sending their clients an email with their updated policies to be more transparent in their data-related communication.
Customers are misunderstood, again
Turns out, companies and customers don’t exactly see eye to eye on data privacy performance. According to Capgemini, 80% of executives believe that clients trust their organization with the privacy and security of personal data. But only 52% of customers agree. This overconfidence can easily blind companies to necessary improvements in data practices and make them lose customers who expect nothing less than a superb data-protection experience.
Getting customers’ consent for using their personal data, a key prerequisite for many banking activities, is another touchy subject. BCG has found that 50% of financial service providers think it’s OK to use consumer data to sell third party products. Shockingly, a whopping 80% of customers think the same. But clients clearly want to have the choice of opting in or opting out. About two-thirds think that opt-out permissions should be asked for personalising offers, marketing third-party products, as well as anonymous or non-anonymous use by third parties.
Another misconception has to do with consumer activism. Around 70% of executives surveyed by Capgemini predicted that customers would not take significant action after GDPR takes effect. Sadly, only 43% of clients agreed. And 57% downright said that they would take steps if they found out that someone didn’t comply with GDPR rules and didn’t protect their data. Repercussions might include spending less at said organisation (71%) or asking them to erase personal data (75%).
Digital sales: what’s to come for banks?
Customers’ next move will largely depend on their level of trust. In the survey carried out right before GDPR kicked in, Capgemini found that 64% of customers were likely to ask non-compliant firms outside the EU to delete their data, as only 38% of them indicated high levels of trust. The same figure was 49% for banks, who generally enjoy a higher level of trust with their clients.
Amazon, Google, Facebook, Alibaba and other tech giants posing a competitive threat to banks in financial services, however, seem to have a significantly colder relationship with their customers. Meaning that they face a higher risk of potential data-deletion requests, too. On the other hand, this risk was lower for alternative payment providers and fintechs, like PayPal, Google Wallet or Square Cash, than for banks.
There’s another reason why the post-GDPR era might be a golden age for banks who use insight-driven third-party tools to boost sales. Customers seem less likely to request the deletion of information on their spending and consumption habits, location history or social information. But most of them don’t want to be identified: 61% want to see their passport data or social security number deleted, while 51% are thinking about having their contact details removed.
Being proactive and engaging with customers is a must for banks who want to benefit from GDPR. A European banking giant, for example, asked their customers for feedback on how their data was being used. They found that consumers trusted them but they were looking for more relevant communication and better support with issues like password protection and identity theft. These insights helped the bank to revamp their customer relation management strategy and focus on educating customers rather than product marketing.