GRC Tuesdays: It’s Not “If,” but When: GDPR and Banking in America
The General Data Protection Regulation (GDPR), the online privacy guidelines developed to give users control of their data, went into effect on May 25, 2018, for any company processing data from the European Union, regardless of where the company is located. Many major businesses are predicting the arrival of GDPR-like policies in America and are preparing their privacy policies ahead of time and reaping extra benefits for themselves and customers. Is your bank ready?
Embrace the Cautious Customer
In a recent survey by SAP, 68% of consumers reported they do not trust brands with their personal information. This is the result of years of broken trust due to poor privacy policies from careless companies. Reimagining the customer experience to repair this trust should be a top priority for bank CEOs everywhere.
This begins with transparency—the main idea behind GDPR. Collecting customer consent in a clear and explicit manner that satisfies GDPR requirements, even if your bank is outside the legal scope of GDPR, can build trust and potential future business. So can keeping customers informed of changes to business policies surrounding privacy, another GDPR policy.
There’s hope that such measures will work. According to that same survey, 70% of consumers were generally comfortable with retailers, news sites, and service providers collecting personal data if the companies were transparent about how they use that data. That means banks can continue to benefit from personalized customer data if they use it wisely and with transparency.
Consider GDPR an Asset, Not an Enemy
What innovative technologies have you benefited from at your bank? Think of GDPR as one of them—a technology trend that can help your business, not a stifling new policy. Like customer support chatbots and machine-learning-powered marketing, GDPR-compliant privacy policies are something you can use to make your bank a cut above the rest.
This is especially true in a market where customers have grown tired of companies taking advantage of their data or simply not treating this data with care. Do you know what happens when a customer unsubscribes from your bank’s marketing materials?
Your bank needs to ensure it has a consistent way to view and store its customers’ data across channels, whether customers access the bank’s site on a desktop computer, use a mobile app, or even call the bank on a phone. For many banks, customer data is stored in different locations, which can create a disjointed customer experience.
After a customer unsubscribes from your bank’s marketing materials, e-mails and texts could stop, but if you don’t have synchronized data storage compliant with GDPR standards, you might continue to send mail to the customer’s address. This destroys any sense of confidence your customers have in the way your bank manages its data, let alone how you’re keeping it secure.
Protect Your Customers, Protect Your Business
Transparent privacy policies compliant with GDPR help attract new customers and revenue while also preventing devastating penalties and fines. According to an article on Wolf Street, when millions of Equifax customers’ data was compromised in 2017, the company was fined US$27.3 million. Under GDPR, the company would have been fined a minimum of US$24 million or 4% of annual turnover sales, whichever was higher. With a 2016 annual revenue of over US$3 billion, Equifax would have lost US$125.7 million. Clearly, complying with GDPR policies now can save your bank in the future.
For too long, companies have thought more of themselves than their customers when it came to data. They placed a bunch of legal verbiage in their policies to protect themselves—not their customers—in the event of a data breach. And customers could tell. Now more than ever, customers are wary of giving their personal information to businesses, and both banks and customers are losing out on the benefits of a personalized customer experience.
By proactively adopting GDPR-compliant policies that securely manage customer data, you let customers know that your bank is ahead of the curve and committed to the latest trends in technology that give them power over their data and customer experience.
NOTE: The information contained in this blog represents the author’s personal opinion and is for general guidance only and provided on the understanding that SAP is not herein engaged in rendering legal advice. As such, it should not be used as a substitute for legal consultation. SAP SE accepts no liability for any actions taken as response hereto.
It is the customer’s responsibility to adopt measures that the customer deems appropriate to achieve GDPR compliance.
This blog originally appeared in the SAP D!gitalist Magazine and has been republished with permission.