Europe’s Second Payment Services Directive (PSD2) is reshaping the banking sector. At the same time, the introduction of the General Data Protection Regulation (GDPR) has had a huge impact on how companies must protect data. As financial institutions work to comply with both pieces of legislation, how can they balance innovation with protection? There are 5 key action points for financial institutions to consider:
- Be cautious with automation – GDPR prohibits profiling, meaning that full-blown automation can be risky, especially when it comes to significant decisions such as refusing a loan.
- Conduct data protection impact assessments – assessments should take place prior to the processing of financial data and serve to map the risks of processing data and define mitigating measures.
- Design data protection into new products/services – appropriate measures should be taken to achieve GDPR compliance and minimize the processing of data before products/services are launched.
- Be prepared to give consumers information about the use of their data – consumers have the right to know whether their information is being processed and, if so, to receive a copy. When designing products/services, financial institutions need to take this right into account so they can deliver the appropriate information when requested.
- Confirm the erasability of all consumer data – consumers have the right to ask for all personal data to be erased in a timely manner. When designing products/services, financial institutions need to take this right into account so they can comply if requested.