Beyond GDPR: How to make data work for you

Dhanum Nursigadoo
5min read

For the first time in years, notions of data privacy, consent and security are mainstream. It’s a sudden backlash to an issue that infosec experts have been warning us about for even longer.

GDPR has brought in a new wave of privacy concerns. But banks need to make sure they’re not missing out on the opportunities it provides.

Customer privacy in action breaks down into three broad subcategories: security, consent and privacy. Each of them is vital for a company to interact with a customer in a reliable way. The first two are basic and relatively easy for any competent company to follow, it’s the third that trips companies up the most.


Security sounds simple. At first. Everyone’s data needs to be secure. But with a centralised database security is unsustainable as there’s a single point of failure. Any infosec specialist will tell you, it’s an ongoing battle for security.

No security system is infallible, bad actors can come from inside or outside your organisation. If data is fabricated, eliminated or tampered with then your security issue is made worse. If it’s not detected fast enough any products or services tested using that data is tainted. Banks can only maintain a competitive edge if the data informing development is accurate.


Everyone has one version of themselves

Mark Zuckerberg, CEO Facebook

It’s a nice quote, but it’s wrong. Everyone has many versions of themselves. It’s why you don’t have your boss on Facebook, it’s why teenagers don’t have their parents on SnapChat and it’s why Tinder is a popular experiment on faking who you are. People reveal different parts of their identity, through data, to different audiences.

What the data is doesn’t matter. What matters is that it’s not harvested for anything else beyond the original intention.

Surveillance is the business model of the internet

Bruce Schneier, Cryptographer

An alternative popular excuse for intrusions into privacy is “I’ve got nothing to hide”, which fails to realise that not everything hidden is sinister. Everyone has something to hide. But that can vary greatly. Privacy gives customers the freedom to be themselves. And only institutions they trust should be able to see their data.

That data, when given freely, can be used to design and build services that engage customers, are based on real-world behaviours and offer value back to the end user.

Data itself needs to be scrutinised At the moment data collected by banks is simply not good enough. There’s no granularity and without being able to drill down into customer behaviours there’s no certainty behind any data-informed decisions.


Transparency is important. It’s what allows customers to make informed choices and decide who they want to use their data. Ironically it’s the complete antithesis of privacy. But we’re getting to a tipping point with transparency. Companies are, seemingly, deciding for customers whether or not data should be made available to third parties without properly informing them.

Transparency along with near-infinite storage capacity could turn us into sheep

Richard Watson, Futurist and Author of Digital vs Human

GAFA have been increasing their access to customer data for years. Amazon knows everything we’ve bought or browsed. Facebook knows what we like and who we know. Google goes with us everywhere and knows everything we’re curious about.

And part of that is because users didn’t care. The pay-off was new services, or suggestions of a great book they might enjoy, an event that friends attended. There was a clear value exchange for access to, and use of, the data.

Users have become comfortable with the notion of their data being used to improve a service. But new purchase suggestions are one thing. Having your financial details stolen is an emotional and stressful experience, even when protected by safety nets.

Despite highly publicised data breaches and misuse, customers still want GAFA to provide banking services. Partly due to customer loyalty based on a proven record of delivering services tailored to customer needs. Banks need to show the positive impact they can have on customer needs with the data available to them.

It’s not just GAFA who are committing data breaches. Venmo decided to have a payment feed for customer transactions that defaulted to public. Opting-out was possible, but there was no reason for it to default to public.

Financial information is far more sensitive than a social media profile. That’s why it’s necessary for customers to explicitly choose whether they want payment information to be public or not. Even if there are benefits to publicly sharing transaction data it should be communicated clearly from the start. That’s one way banks can act to increase faith in their products and services.

What’s next?

So, that’s quite a bleak landscape around data so far. What can banks do about it?

Unlike GAFA, banks don’t need to sell data to create a financially viable product. They already have products, what is really now at stake is how data can be used to deliver the services of the future.

The data harvested by banks can and should be rolled back into the bank to create a more complete picture of customers.

There is a parallel discussion around the quality of data. Banks have plenty of it, but arguably it is not that useful. There’s no way to discern useful banking data from healthy accounts from zombie accounts.

Even with healthy accounts, a bank doesn’t know what a customer has bought; it sees a series of transactions or credit card payments but no intelligence around the purchase itself. Google’s able to track 70% of in-store purchases in the USA. Amazon has launched stores that track customers every movement.

Without a more refined and nuanced relationship with data, banks can’t deliver the personalised services that consumers have increasingly come to expect.

There’s arguably a related and fourth sub-category of customer privacy, guidance. A role that consists of safeguarding customer data and using that data for the end user’s benefit. This isn’t about data flowing into a PFM tool. Rather, guiding the choices customers make to be more financially stable and profitable and acting in the best interests of the customer.

But without a better understanding of the data on their servers, methods to really drilling into that potential trove of intelligence through data scientists and ethnographers, banks will not be able to provide accurate, let alone proactive financial advice.

Increasing the granularity of that data is the next logical step for banks to compete with the services GAFA threaten to provide. That requires banks to look outside of their own walls and their own data. Seeking out the datasets capable of delivering actionable insight into customers and thinking about data beyond trying to drive conversation based on statistical correlations.