Building Trust: Lessons Learned from the EU’s GDPR Rollout

August 13, 2018

The U.K.’s Open Banking initiative, coupled with the EU’s broader Second Payments Services Directive (PSD2), presents banking providers and fintechs with a wealth of opportunities, including building more trust and stronger relationships with customers. But they must be balanced with the realities of the new General Data Protection Regulation (GDPR), which is in force for financial institutions (FIs) serving customers in the EU but also offers directional guidance for those serving the U.S. market.

According the Open Data Institute (ODI), 94% of people agree that trust is important when deciding whether to share personal information. This is backed up by this year’s PACE research, which found Trust to be the #1 concern of bank customers in the U.S., U.K., and Germany.

That’s where Consent Management comes in. A flexible consent management tool gives consumers control over the use and movement of their personal and financial data and allows FIs to comply with their customers’ wishes for storing, accessing, and using their personal data.

3 keys to effective Consent Management

A good consent management tool should make it easy for an FI to:
  1. Manage & Track consent – It’s critical to have a system in place that can define consent and data rights policies in one system and simultaneously provide a seamless mechanism for customers to manage their data rights in real time. There are options available that support all the six legal bases for processing personal information under GDPR.
  2. Prove consent was given (audit/compliance) – Transparency is key. Consumers must be made aware of why data is being collected and how the data will be used. FIs need to be able to track, manage and respond to Data Subject Requests to ensure compliance.
  3. Allow for data access/erasure – GDPR has introduced the right for individuals in the EU to have their personal data erased. The ability for FIs to assist and manage this process in a streamlined and efficient way, safeguards against the potential for non-compliance. Offering customers such an option (without the push of regulators) is a great way for FIs to build trust among skeptical U.S. consumers.

Data rights management regulations, such as GDPR, should be viewed less as a burden and more as an opportunity for financial institutions to educate customers on data sharing, while creating a more personalized experience and ultimately strengthening and deepening customer relationships.

Tags: Data Management & Analytics, Technology