Banks Risk 'Missing The Love' on GDPR

When we think about the assets of high street banks, we usually visualise piles of gold bars locked in a safe, or even towers of coins.

The reality, though, is that the information that banks hold on their customers is increasingly more valuable than stores of precious metal.

Technological innovation means that banks can use their data to target existing customers with old products, or to bring in lucrative new clients. But on May 25 next year, high street banks might have to press the delete button on huge swathes of these valuable data assets. 

If banks were being forced to flush gold bars down the toilet, they’d have had something to say about it by now. So why do so many of them seem blissfully unaware of the effects of the General Data Protection Regulation (GDPR), and the problems that it might cause them?

What is GDPR and why should banks care?

GDPR is a new data protection regulation that will cover all EU citizens and all companies that wish to sell to them (or indeed trade in Euros). While many of the rules are similar to those that banks are familiar with now , the new regulation is even hotter on consent. 

If banks are holding and using customer data, consent for them to do this must be freely given, and 100 per cent affirmative. That sounds easy enough, but it can be hard to prove for banks that have customer data going back decades. And if customers have given consent in the past in a way that was compliant at the time but is not any more (for example by not choosing to untick a preticked box) then the bank holds on them isn’t compliant now. They must either contact the consumer and get them to agree all over again, or they might have to delete the data that they hold.

Get it wrong, and the consequences can be severe. The most serious violations of the GDPR can be penalised with a fine of up to four per cent of global turnover, or up to EU20m, whichever is the greatest.

To put that in perspective, the fines issued last year by the Information Commissioner to British companies would have been up to £69m under the new regime, compared with £880,500 under the current one. The message is clear. Banks cannot afford to keep people’s data if they don’t have explicit consent, because they will be punished severely for any mistakes. 

What will bank customers do?

Consumer Intelligence data shows that high street banks have a challenge that can either be treated as a problem or an opportunity. Their customers don’t feel rewarded and don’t trust them enough to let them keep their data, meaning that they may have to delete it when GDPR comes into force or try and explain the “legitimate purpose”.

Some banks have a bigger problem than others, and the scale of the problem roughly correlates with banking brands who score poorly when it comes to consumer trust and satisfaction. 

First Direct, for example, which topped the most recent Which? Poll for customer satisfaction, has a greater percentage of customers who are willing to let the bank use their data, even if they switch away. Nationwide, which came second in the Which? Poll, also has a larger percentage of customers who agreed that data could be used for “legitimate purposes” if they switch away.

Banks with lower trust and customer satisfaction scores are less likely to have customers who will let them hang on to their data.

“It is the banks who have lost a connection with their customers who will suffer the most,” says Ian Hughes, CEO of Consumer Intelligence. “We can already see that they are the ones that will have issues. The answer is to try to reconnect with the customer - then they will be willing to let banks keep and use their data.” 

How banks could miss an opportunity.

Of course, banks are gearing up for GDPR, but they are gearing up to it from a compliance and risk standpoint, worrying about whether their data is in the correct shape to keep them from a fine. This approach totally ignores customers. It leaves Marketing out of the loop and forgets that the one simple thing you need to do to get a customer to want to connect with you is to connect with them.

And herein lies the danger. They will be contacting customers to ask them for permission to use the data, and may even have to ask them to come into branches to show identity documents. Done the wrong way, this will alienate and anger customers further, making them even less likely to allow banks to keep their data.

“The Achilles heel of the big banks is their inability to connect with the customer,” Mr Hughes says. “But if they start to see GDPR as an opportunity to connect, to reaffirm their commitment to each customer, they can turn this to their advantage.” 

Focus on the love

Seeing GDPR as an opportunity means taking it off the compliance table, Mr Hughes says. “This is an opportunity for the brand. Don’t contact your customers because you have to. Contact them because you want to. Get them back on board with your customer service.

GDPR is a challenge, but it isn’t the compliance and risk challenge that people think. It’s a challenge to banks to focus on the customers who love them, and who they should be loving. Know your customer, and everything else will follow.”

 ¹ https://www.nccgroup.trust/uk/about-us/newsroom-and-events/press-releases/2017/april/last-years-ico-fines-would-soar-to-69-million-post-gdpr/

Delete Day: How GDPR and ePrivacy could be an opportunity or an apocalypse

Data is the lifeblood of the modern insurance industry. It influences everything from pricing to claims, and insurers are constantly searching for the right data on the right customers. Without data, the insurance industry just ceases to operate...