This week we attended the Financial Services Forum event on the topic of ‘Is GDPR Good or Bad for Business?’ to discuss whether the GDPR is a competitive advantage or a challenge for financial services organisations.

Following a study last year that showed that 75 percent of the customer data that brands have will become redundant and unusable by 25 May 2018 – the date that the GDPR comes into force – this was a hot topic and the room was packed!


Only 15 percent of companies are ready for GDPR

We heard first from Paul Malyon, Data Strategy Manager at Experian, who focused on the three pillars of access, accuracy, and accountability for compliance with the GDPR, and took us through some research from their DataIQ research report series.

Experian’s survey of a large number of companies in the UK showed some concerning figures…

99 percent of companies are aware of GDPR, but only 15 percent feel they’re very prepared

According to the research, 99 percent of companies are aware of GDPR, but only 15 percent feel they’re very prepared. With only a few months to go until the GDPR comes into force, this low figure is very worrying.

The report also found that 47 percent of companies are currently reactive to Subject Access Requests (SARs), meaning that over half of companies do not react at all at present and, presumably, have no process in place to comply.

Only 38 percent of companies currently use suppression services – checking their customer data against no marketing lists or death records to avoid any repercussions when marketing to customers. Again, this is a very low figure.

Interestingly, the report discovered that 19 percent of companies have a data KPI, and a reporting dashboard that they use to look at things such as the percentage of accuracy of their customer data.

Paul also spoke of how some companies have begun testing their data breach procedures and going through a test run to flag up any issues, and so fix them accordingly. Particularly important in the world of financial services, he poignantly mentioned how breaches by competitors can influence the whole financial services market, with customers looking for reassurance from their own bank, wealth management company, or financial advisor that their own data is not at risk.


Consent vs. legitimate interests – what’s right?

We then heard from Paul Winters, Managing Director at CACI, who explained what CACI had done to become GDPR-compliant, and talked through some of the more ambiguous areas of the GDPR such as choosing the legal basis for processing data for marketing purposes as consent or legitimate interest.

Paul suggested that there was perhaps less to do for financial services organisations to do to become compliant with the GDPR due to already heavy regulations.

Paul spoke of how he disagreed with the Information Commissioner’s Office viewpoint that consent should be opt-in only, and cited a study that CACI commissioned with London Economics, which discovered that over-interpretation of consent provisions could reduce profits from data analytics and customer recruitment of £150 million per year in the UK.


Don’t forget about direct mail!

Finally, we heard from Jonathan Harman, Managing Director of Media at Royal Mail. Jonathan touched upon the oft-forgotten marketing channel of direct mail, and its advantages in the era of the GDPR.

Some of the advantages touched upon were that marketers don’t need consent for postal marketing, and that direct mail offers higher response rates than email.

We also heard how it is easier to stay in touch with people through mail, as people often have multiple email addresses but usually only one postal address.

And of particular interest for marketing folk, we heard how mail primes other media – other channels work better in terms of brand recognition after an individual has received mail from a brand.


GDPR – good or bad for financial services?

It was a great session, enjoyed by all, and whilst there were a few lone dissenters in the room, the overwhelming consensus was that GDPR is good for business.

improved data, transparency, and trust with customers

This is something we wholeheartedly agree with. Under the GDPR, you will have improved data, transparency, and trust with customers, meaning a clearer customer view, which in turn leads to more accurate targeting, and a better customer experience!


How can Codehouse help?

As a Sitecore agency, we design and develop on a platform that can help your company with the GDPR. And we’re fully on top of things when it comes to helping our clients with data, systems, and systems integration to help you comply. 

If you’d like to talk to us about data, systems, and integration challenges, or how the Sitecore Experience Platform can help you comply with GDPR, then get in touch today.