Banks top rankings on data protection, but must beware complacency under GDPR
With just 200 days to go until the introduction of the General Data Protection Regulation (GDPR) on 25th May 2018, new research from management consultancy Baringa Partners shows that banks are in a strong position when it comes to data governance. However, the firm is warning that banks still risk losing customers should they experience a data breach.
Baringa’s survey reveals that banks top the rankings when it comes to who consumers trust with their personal data. More than three quarters (77%) of people say they trust their bank, compared to 62% for insurers, 59% for energy companies and 58% for TV, phone or internet providers.
These high levels of trust seem to be driven by knowing what personal data is currently held on them, true for more than half (54%) of bank customers, compared to 42% of insurance and TV, phone or internet customers, and just 40% of energy customers. Banks also score highest for communicating the right amount with their customers about their personal data at 55%, compared to 46% for insurers, energy companies and TV, phone or internet providers.
Daniel Golding, Director at Baringa, believes customer loyalty has a big role to play: “Despite the financial crisis, it is clear that people’s faith in banks has not disappeared entirely. Trust is highest where people feel there is a long-standing relationship, so the low churn among banking customers compared to energy or internet providers works in their favour. While banks are the guardians of our hard-earned savings, we are happy for them to be guardians of our personal data, too.”
However, Baringa’s research also reveals that banks face significant risks when GDPR comes into force. Almost a third of people (29%) say that they would immediately switch to another bank if their provider suffered a major breach where their personally identifiable data was leaked.
In addition, three quarters (72%) say they are likely to ask what personal data is held on them if their bank is obliged to respond. Under GDPR, individuals will have the right to find out whether or not personal data concerning them is being processed, where and for what purpose. If companies fail to provide a free electronic copy of their full personal data within a month it will be considered a Tier 1 breach of the rules, leading to a potential fine of 4% of global turnover.
Daniel Golding comments: “While banks may be trusted with customer data, they must not become complacent. From next May, data governance becomes a real bottom line issue, with customer retention at risk, as well as the potential for staggering fines should data requests go unheeded. Even if only half of the reported 70% follow through on making a request, that’s over 18m people. Firms that lack centralised data governance systems will struggle to respond in an efficient and timely way and will face higher costs.
“It’s not too late for banks to respond. They need to ensure they understand all the personal data they hold across their systems. Then they should consider investing in new or enhanced operating systems to allow them to easily trace and erase personal data if they are asked to by customers. Ultimately, it’s about creating a holistic and highly responsive data governance system.”