GDPR: compliance task or business opportunity?

Written by David Clamp, Founder & Managing Partner of Merlin Digital Consulting.

I recently attended the Connect Media Consulting’s excellent Global CIO Banking Summit where I ran a think tank challenge entitled “25th May 2018 - Strategies for the Future”. Completely fed up with only hearing about GDPR being a boring compliance challenge, I was pleased to lead this and discover the potentially very positive outcomes possible through GDPR. Here is the article with the key outputs. Hope you enjoy it!

Everyone knows the new EU legislation is fast approaching - with 25th May 2018 being the key milestone sharply in focus. The common approach is to consider GDPR purely as a compliance project that has to be done, with the minimum investment one can get away with and certainly avoiding tying up much-needed change resources. "It's a compliance problem - I wonder how they are solving it..."

However, the challenge for the think tank session was to see how banks and other financial institutions can turn this initiative into a really positive business opportunity, using much more “right brain” creative thinking and much less analytical and methodical “left brain” logic. Can there be innovation off the back of regulatory spend?

Overall, a company can have different approaches to GDPR;

1. Reactive: "Will invest if and when I need to and only if forced"

2. Passive: "Minimum investment to satisfy the letter of the regulations, but not the spirit"

3. Proactive: "How can we innovate based on enhanced and more accurate data to really grow the business ?"

The key takeaways to support the “proactive” approach were:

1. Better quality data: GDPR forces everyone to ensure the personal data they hold is of a much higher quality, therefore, easier to use and maintain. Importantly, AI, predictive analytics and machine learning etc.. is only as good as the source data (garbage in...) so better data = much better insights, learnings and resulting business opportunities. 

2. New data sources: With the necessary permissions, access to new data sources for banks and insurers can lead to real insights about customers that, in turn, allow new creative products and services to be offered.

3. Building trust: Banks can become even more the "honest John" to become the "personal databank" for the customer - their money is trusted with the bank, why not their entire personal data set? Trusted banks will not just get more customers and hence more data and insights, they will also get much richer 360-degree view of the customer - a privileged and very enviable position be in (ask any fintech).

4. Customer in control: GDPR puts the customer much more in control (right to be discovered, right to be forgotten etc..). Rather than seeing this as a threat, where there is trust, this transfer of control can have a very positive effect. Often when customers feel in control and they know they can easily opt out of any services, in practice, they don't - in fact, it’s quite the opposite!

5. Intention Economy (link): In this type of economy, customers only publish what data they want to be published, and no more - the Hub of All Things (HAT) is a great example "Enabling HAT owners and HAT-enabled organisations to exchange person-controlled personal data and establishing best practices for personal data exchange on the Internet so that the economy can thrive for the betterment of society" Customer will increasingly treat their data as a tangible asset which has real value. Post-GDPR, it will become a value exchange, not a data exchange. What opportunities are there to return real value?

6. Customer centricity: Rather than "build for compliance", use data to drive real intelligence to allow much more horizontal products and services to be offered - a great Amazon trait. For example, when learning that someone has just had a new baby, rather than an offering a loan, offer a complete package of services based on the real and very timely needs of the customer (not just the industry you are coming from) - discount for nappies and a crate of Redbull with your new life insurance quote ?

7. Selling great customer experiences: Banks no longer sell "tasks" but rather tangible and creative customer experiences, especially in the payments space. Having timely, accurate data is a key enabler here - think Tesco Loyalty card on steroids! Many intermediaries know this and are actively trying to win this rich customer ownership space (e.g. the hugely successful Tink app in Sweden). Also, younger customers switch services and even bank accounts much quicker - often at a "thumb swipe". The race is on....the prize is huge!

8. GDPR and PSD2: Combine GDPR and the Payment Services Directive (PSD2) for enhanced flexibility, faster payments and services and increased participation with non-banks for solutions, such as and P2P payments via WhatsApp in India

9. Data protection: The bank’s data protection strategy is clearly critical and it’s execution more so - but this does not automatically mean reduced flexibility and stifled innovation. It does mean you need to design this in and be intentional about it. Early and effective partnerships with Compliance and IT Security teams is essential here.

10. Mindset: The think tank concluded that biggest challenge to maximising GDPR was getting the right mindset culture within banks, with examples provided of fintechs beavering away, ignorant of these legacy ways of thinking. Control oriented cultures rarely innovate well. Get the right structure and thinking at the leadership level and the rest of the organisation will surely follow.

During this very insightful think tank challenge, the killer quote for me was “whoever owns the trust, owns the customer”. GDPR can be a great catalyst to build real trust with customers through the careful, secure but also imaginative ways banks and insurers can use customer's personal data to offer new innovative products and services that continually delight the customer - they'll even give you permission.

How’s your right brain doing?

Leave A Comment