With the imminent arrival of the EU General Data Protection Regulation (GDPR), banks now have less than a year to overhaul the way they handle, protect and store customer data and, most significantly, ensure they have permission to do so.
GDPR – which comes into force in May 2018 – represents arguably the most significant change in data regulations for some 20 years, and will require the banking sector to bolster its data protection and cyber-security processes to avoid costly financial penalties and potentially negative reputational impacts.
Although the regulations have been widely accepted as a step in the right direction, they have also brought a unique set of challenges for the banking sector.
While a great deal of focus has been on the operational side of the equation, data cleanliness and protection, what’s not often considered is another critical aspect of this data security reform: ensuring you have the proper legal basis to communicate marketing messages to customers which could entail considerable re-permissioning to gain proper consent.
By taking the necessary steps to re-permission data by re-contacting existing customers, financial institutions have a unique opportunity to cleanse existing data and remove contacts who are not interested in their services and solutions, and concentrate on those who are.
Re-permissioning is possibly one of the most important marketing campaigns banks will ever run and needs to be properly planned, created and delivered as a co-ordinated activity to ensure it is done correctly.
Equally fundamental from a cyber-security standpoint, banks must have a plan and process in place to reach out immediately to affected customers in the event of any data breach. The risks of data breaches are extensive for the sector. A gross violation of GDPR – such as poor data security leading to public exposure of sensitive personal information – could result in weighty fines of up to 4% of a company’s global turnover or £17m, whichever is higher.
Under GDPR, organisations have a duty to provide a breach notification to the relevant supervisory authority within 72 hours of becoming aware of any notifiable breach. Such a notification should describe the nature of the personal data breach, including the number of data subjects, the approximate number of personal data records concerned and the likely consequences of the personal data breach. Organisations must also describe the measures taken or proposed to be taken to mitigate any adverse effects, which may involve notifying all or parts of your customer base promptly. Such a solution should be pre-planned and tested.
SIGN UP TO OUR NEWSLETTER TO RECEIVE MORE NEWS LIKE THIS STORY
Development Bank of Wales provides £500,000 to IT repairs business
Comtek Network Systems UK Limited has secured £500,000 of investment from the Development Bank of Wales
Wesleyan Bank names new director
Wesleyan Bank has strengthened its management team with the appointment of Simon Welling (pictured above) as its director of sales and marketing.
Cash Isa savers missing out on transfer market
Half of cash Isa savers aged 55-plus (50%) have never moved their accounts to another provider, according to a new study.
CivilisedBank secures further funding
CivilisedBank is set to receive further funding from current investor Warwick Capital Partners, subject to regulatory approval.
A round-up of the latest specialist banking products
With the continuing expansion of the specialist banking market, this year promises to bring a host of new products and services to the sector.
Hanley Economic BS rebrands
Hanley Economic Building Society has rebranded as it launches its first ever TV advertising campaign.
Lydia raises a further €13m
Lydia has announced that it has raised a further €13m, taking the total amount raised by the French fintech start-up to over €23m.
Fintech as a force for good
The big news around fintech focuses on the many ways it is already making financial services more profitable, more scalable, more secure and more user-friendly.
FIBA commits to 30 events
The Financial Intermediary & Broker Association (FIBA) has announced 30 regional meetings for its members and intermediaries interested in joining the Association.
20% of brands to abandon their mobile apps by 2019
A fifth of brands will abandon their mobile apps by 2019 due to a lack of adoption and customer engagement, according to a study by research and advisory company Gartner.