consumers about the data they collect and hold, but also specify which data falls “under the guise of legitimate interests”. This will mean giving a greater level of detail and explanation when seeking consent, as well as providing ways for customers to opt in or out of options around data usage.
“Banks have reasons to process personal data but the legitimate interest provision in GDPR sets a high bar,” says Mithun Sridharan, manager of Sapient Consulting’s data management practice. “For data-gathering purposes, the best approach banks could employ is to focus on whether what they intend to do with the collected data is fair.” Banks shouldn’t rely exclusively on consent to legitimise their processing, he adds, but rather concentrate on making sure they fairly treat their customers rather than obtaining their consent in isolation.
With the threat of erasure looming, have banks sat too long on their data hoards? “Most banks have been using their vital data to some extent, to provide targeted and relevant financial services and offers to consumers,” says Aggarwal. “Whether they have made the most of it is another matter – and they have probably not invested as much as other sectors such as retail.” There are “significant business benefits” to be gained through the smart use of data, so the deadline might cause banks to consider what they can do with data they already hold.
“Compared to other industries that have leveraged and benefited from handling data as strategic assets, banks have lagged in deriving new business models fuelled by data,” says Sridharan. “Most retail banks know their clients’ income and spending patterns on top of other demographic and personal information they have accumulated.” Based on opt-in models, banks could analyse clients’ data and proactively make recommendations on insurances, mortgages and relevant services that demonstrate value to their customers. Yet at the moment they don’t, and market comparison sites offer services a bank could do much better.
Mithun Sridharan: Focus on whether data use is fair
US banks based outside the EU will also be obliged to fulfil certain obligations under GDPR. The regulation extends to any organisations that process data related to EU residents. Across Europe, says Anstee, banking organisations might be turning to national governments for assistance with compliance. That becomes complex in the US, where federal and national regulations and laws can overlap and countermand each other.
“It looks like US financial organisations are taking a practical approach,” he adds. “If Europe is a significant market for their business, companies will need to comply, so many are stepping up to ensure they’re ready.” Research from PwC earlier in the year showed that US companies are already racking up bills in the millions of dollars as they look to comply with the incoming regulation.
Last-minute scramble
So, while banks might be ready in May 2018, third-party firms that work with them might not be. Is there still time to paper over the data cracks? “Companies will not know the scale of the effort required to comply with GDPR until they have carried out a complete review,” says Anstee. Once companies have a clear view of the gaps in their current processes they can put together an action plan. Regardless of the amount of effort required – in both time and resources – organisations shouldn’t approach this as ‘papering over the cracks’. This is an opportunity to minimise the risks posed by storing customer data, so it is crucial that all organisations review the data they keep and why they keep it.
“The banking sector has a lot of legacy systems which cause major data management challenges,” adds Aggarwal. “For institutions which have been merged/acquired, this is exacerbated further. Papering the cracks may be an option in the short term, but when GDPR is in effect, demonstrating compliance will require a more robust approach. With consumer data being so well embedded across multiple areas of any business, it is hard to see how disruption will not be a by-product.”
What can be done to lighten the impact of GDPR? “It is important to implement processes and technologies that manage the risks the regulation is supposed to address, rather than simply looking to comply,” states Anstee. “Banks need to thoroughly review how data is gathered, stored, processed and shared. They need to ensure they understand how their partners store and process any data that is trusted to them.”
Darren Anstee: Banks are more ready than most organisations
“Banks should embrace a culture of experimentation and exploration that are the characteristics of nimbler upstarts,” states Sridharan. “This calls for a sea change in thinking and a break out from siloed and risk-averse thinking – the very fabric of what customers have traditionally valued.” To cope with these changing attitudes, he adds, banks should engage with customers across the relevant channels and position content that’s most relevant to their target audience. Product development and delivery models are also “long due” for an overhaul. “Whilst Amazon delivers several hundreds of software updates and enhancements to their platform, large IT projects in the banks are still run using a waterfall approach masquerading as Agile or DevOps.”
“This is the biggest change to data protection laws since the EU Data Protection Directive was passed in 1995,” says Nash. “Getting ready for the GDPR will require time and resources. It’s crucial to start now.” Banks need to know their data, remove non-essential data securely and communicate with all employees and suppliers to educate them on changes within the firm. GDPR is coming, but with a proactive approach there’s no reason banks should be panicking – yet.
www.ibsintelligence.com | © IBS Intelligence 2017