BANKS SHOULD NOT TAKE DATA PRIVACY FOR GRANTED IN THEIR BREXIT TRANSITION PLANS

Rich Vibert, CEO and Co-founder, Metomic

 

UK banks are not as prepared as they should be for Brexit. This is unsurprising given the political wrangling, the challenges posed by COVID-19 and the daunting prospect of a double-dip recession. However, with less than 3 months to go, banks and financial services businesses need to get a firm grip on the impact Brexit will have on their customers’ data privacy, and fast.

We need to talk about data privacy in finance

Before diving into the nuances of post-Brexit data protection, the challenges banks currently face when it comes to data privacy must be addressed. A glaring 62 percent of the data breached last year came from the financial services sector, according to Bitglass. Even more worrying, an Accenture report from March revealed that one-third of financial organisations lacked a clear plan or resources to address privacy risks related to customer data. This is a worrying starting point and Brexit will only bring more challenges as data protection regulation will evolve.

What’s behind a post-Brexit data protection law

Data protection in the UK is currently subject to the EU’s General Data Protection Regulation (GDPR). But once the Brexit transition period ends, organisations in Britain will fall under a UK data protection law that is still to be announced. Thankfully, there is a large chance that the UK will incorporate GDPR principles into its own law, but uncertainty and confusion still remain. And should new local measures be implemented, banks will need to move quickly to become compliant.

However, even with a GDPR-based compliance framework in place, challenges will remain. One of these is ensuring banks are able to transfer data to other European countries; this is important as a quarter of the financial services sector’s annual revenue currently comes from business related to the EU. Financial organisations must also consider the potential consequences of a no-deal Brexit. The UK government has declared it is willing to reach an adequacy agreement, maintaining a free flow of data between countries. However, given the current stalemate, financial institutions should not take that as a given. In a worst-case scenario, a no-deal could lead to UK businesses sending data to the EU in 2021 and simply not getting it back. This is not acceptable for a sector that depends on constant transfers of sensitive information such as credit scores. Unpicking the mess will require the investment of time and funds that many businesses can ill afford.

 

Customer data at risk, reputation at risk

UK citizens are already wary of the way their data is being treated. The government’s acknowledgment that the UK track and trace system wasn’t GDPR compliant and the privacy concerns around the COVID contact tracing app are just a few examples that have damaged citizen trust. As such, they need to be reassured that post-Brexit their data will be treated in the right way, not only by the government but by financial institutions. This matters all the more because data breaches are proven to compromise corporate reputation; 49% of customers would not sign up to a service that has suffered a data breach, according to Ping Identity. This has to be addressed if banks are going to survive and ensure that customer trust is maintained.

 

A privacy-first mindset for banks

While the future of data regulation in this country remains in flux, we know that privacy and data protection are top of mind for consumers. To maintain the trust and loyalty of their customers, financial services organisations must think ahead and be prepared for any outcome. Fundamentally, this is more about a change of mindset than it is about exorbitant costs. Your ultimate goal should be to deploy a privacy-first approach across the business. This means putting the customer at the heart of your strategy and investing in technology that will help you have clear and continuous visibility over what is happening to all customer data – from transactions to investments.

Fortunately, simple mechanisms can be put in place to help businesses achieve this. For example, there are solutions that allow businesses to embed data protection rules and protect sensitive data within their IT infrastructure. This puts compliance on auto-pilot, minimising risk. These are the types of investment that banks should be making now, as they will save them thousands of hours per year of auditing and developing data management processes.

Data privacy can no longer be treated as an afterthought. The financial services firms that embrace a privacy-first mindset starting now will be better prepared to protect their customers’ data, and therefore preserve trust and their own reputations, regardless of the Brexit outcome.

 
