• by Ray Schultz , June 9, 2017

Europe’s General Data Protection Regulation (GDPR) will add “new layers of complexity to existing practices” for financial institutions, according to an analysis by Maciej Zawadziski, CEO of Piwik PRO, a cloud solution provider.

The tougher rules are at odds with “a simultaneous mandate to innovate their digital strategy and deliver better customer experiences with data,” but banks have little choice but to prepare for it, Zawadziski continues. He adds that marketing and stronger privacy compliance are “not mutually exclusive.”

Slated to take effect next year, the GDPR also applies to U.S. companies that offer services to EU residents, Zawandiski adds.

There are three major changes — and corresponding opportunities:

1. Required Explicit Consent — This puts an end to “implied consent or opt-ins, Zawadziski writes. The challenge is that upfront consent is required to build customer profiles — those that can be used for “loans, accounts, credit cards, insurance plans and other products,” Zawadziski notes. And consumers can opt out at any time and ask for their data to be deleted across all systems.  

The opportunity — That banks can use their GDPR compliance as a “true market differentiator,” Zawadziski states. The GDPR gives them the opportunity to increase transparency, he adds. 

2. Mandates to Minimize Data — Service brands will be allowed to collect and process “the minimum amount of customer data that’s absolutely necessary for a specific purpose,” Zawadziski reports. (In contrast, companies in the U.S. can process and “think” with their data, as privacy advocate Martin Abrams has observed). In addition, they won’t be able to hold onto data indefinitely. 

The Opportunity— The GDPR will force financial brands to “establish better internal communications between data privacy/
compliance officers, data analysts, and the marketers who ultimately use the data, whether for marketing on the brand’s Web site, or through other digital channels like email or a mobile app,” Zawadziski argues. He adds that specifying a purpose for using data is “positive for a marketing strategy,” and can lead to tighter, more efficient targeting.

3. Privacy by Design —The GDPR requires that data protection be observed “at the onset of any project or development of any system across the entire customer relationship,” including use by third parties — for example, when a bank is making updates to its mobile app, or has shared customer data with a marketing automation technology vendor, Zawadziski reports. And companies must have a handle on who owns the data.

The opportunity — That marketers will now have the confidence to “engage with customers across more digital channels,” and that this will limit customer churn.