With the European General Data Protection Regulation (GDPR) finally coming into effect on May 25, 2018 after years of negotiation and preparation, financial services companies are facing a major challenge that goes beyond the consequences of a breach or the right to be forgotten. These are obviously major considerations given that they have been written into law, but what about maintaining the high level of personalization that customers have come to expect from their banks and brokers?
Could it be that GDPR is actually good for personalization? At a point when GDPR demands that you stop collecting customer data without consent and PSD2 (Revised Payment Service Directive) requires that you open up your data to third parties via APIs, data best practices are changing rapidly and for the better – at least when it comes to improving the customer experience.
In theory, customers will have a better experience by default if they’re comfortable with the scope of data they share with their bank or brokerage, who they likely already trust more than other vendors given the sensitive nature of the personal information one must share to open and maintain an account. As a result, Financial Services firms are potentially more likely to receive explicit customer consent, so they can and should take ‘ownership’ of the data and make sure third-party access through an API is equally compliant and respectful. Reputations are hard won, but easily lost if data is misused.

In practice, here are some areas where GDPR will provide an opportunity to exceed customer expectations, optimize personalization and mitigate risk:

  • Data privacy as a differentiator: Don’t treat GDPR as a formality when you can leverage it as a differentiator. Whether you’re targeting Gen Z, Baby Boomers or any generation in between, privacy is a major consumer concern, so don’t be shy about your compliance efforts and data stewardship.
  • True 1:1 personalization: With explicit consumer consent and unprecedented transparency around shared data, marketers within your firm can unlock true 1:1 personalization in CRM, contextual and behavioral targeting for those who have opted in.
  • ‘Privacy by Design’ to increase trust: GDPR mandates data privacy in every service you provide, and security is among any customer’s biggest digital concerns. Employing a ‘Privacy by Design’ approach across the enterprise puts security at the forefront, increasing consumer trust and mitigating risk.
  • Data governance transformation: ‘Privacy by Design’ also has major implications for data governance, and Chief Digital Officers should be celebrating as they now have the role of ensuring privacy- and consumer-centric data governance across the entire enterprise. The days of collecting data and storing it with no purpose are finally over!
  • Preference and consent management solutions: Customers can own the experience at the highest level when you implement a preference and consent management dashboard to give them further control over how their data is used for personalization, offers, targeting and more.

By Balazs Fejes,
EVP, Co-Head of Global Business,
EPAM Switzerland