Let’s start with the big picture. What does the introduction of GDPR mean for the fintech industry?
It’s essential that fintech businesses get GDPR and privacy protection right. The more fintech grows its market share, the more consumers will expect of fintech firms and make decisions based on how trustworthy they are.
How a business handles a person’s data is becoming increasingly aligned to the question of how trustworthy you are. That is going to continue to be the case going forward. Businesses will need to show that they can protect personal data, but also that they are able to offer clients the best services in terms of the value they can get from their data.
GDPR means that all businesses, fintech firms included, will be under a lot more regulatory scrutiny as to what privacy processes and procedures they have in place. On the one hand it will matter whether they have the documents necessary, which they will be held accountable for - but also whether they are respecting the rights of individuals when it comes to their data. As we all know this will include issues such as consent, and the legal grounds upon which they are to be used, but also protecting data in terms of when a data breach occurs.
There has been a lot of talk about the challenges for businesses when it comes to GDPR. Is there an opportunity set for fintech businesses as well?
I think there are two strands of opportunities. First there is the opportunity for businesses to get GDPR right in order to build trust. If your business model is banked upon the use of personal data, and you are complying with the rules in a way that is compliant and convenient for customers, there is an advantage.
The other strand of opportunity is GDPR-type tools or businesses. Consent management is not a simple thing. When you or I are consenting to something it could be very granular, or it can be very broad. And in different circumstances, as a consumer, you may want to interrogate the organisation at a very granular level.
You may want to know what and why they are sharing your data. How do you deal with that demand as an organisation? Well, there are some really interesting businesses in the fintech space that are saying “look, it’s important to get the consumer data piece right - we can help you communicate and manage data in a way that benefits your customers”.
GDPR is an EU regulation. March 2019 is less than a year away. Will GDPR continue to be the standard for UK fintech businesses post Brexit?
In the short term - yes. In the long term we will need to see what happens, but like all progression in terms of innovation and technology there is real benefit from global standardisation. Whether that’s the GDPR standard or a global standard, fintech businesses need jurisdictions to work towards.
Because fintech businesses do not want to be stuck in one jurisdiction, it’s important that some of these fintech bridges between regulators across the world try to standardise privacy and compliance issues beyond the UK, EEA or EU. If regulators and legislators would aim towards a more standardised approach it would unlock so much value.
GDPR is one of many compliance and regulatory changes affecting financial services in recent years. What is next? Are there areas we should expect to see a continued push for change?
It’s interesting. In the broader context there are so many things changing in financial services. In fact, some time ago people were calling for a pause in regulatory changes because there had just been so much happening. So what’s next? The industry certainly hopes that it’s regulation enabling new technologies and business models built on new technology. It needs to be fair for investors and purchasers.
Disruption of financial services is still at an early stage. Over the next five years there are many changes that need to take place to ensure that innovation, competition and consumer protection are upheld in a way that benefits consumers and doesn’t favour one business model over another.