Banking data and GDPR: how to manage personal data?
Beyond banking data, financial institutions collect a multitude of personal data about their customers, and seem perfectly capable of securing them. In fact, they are trusted by the French in this respect, but this does not exempt them from having to make significant changes in order to comply with the GDPR.
However, in a sector governed by numerous regulatory texts, such changes can be facilitated, but can also cause some difficulties…
French banking data, between security and trust
If, according to a CSA survey, the hacking of bank details is the risk that worries the French the most (80%), banks are the only organisations that are trusted by the majority of them (53%) regarding the protection of their personal data and the storage of their documents.
According to a Deloitte study, 64% of French people trust their bank and 84% are satisfied with their bank, to the extent that 58% would be willing to provide more personal data in exchange for more personalised advice. 22% would even allow their bank to communicate consumer data to its partners in exchange for discounts.
The French also expect them to provide new services today, 27% of them to secure data on the Internet, 12% to provide an electronic safe, and 21% to manage administrative documents.
As far as their personal data is concerned, they seem to have a great deal of confidence in it. This trust is important, even essential, in a sector that is often required to collect and process information about customers. Although corporate and investment banks are also affected to a lesser extent, the GDPR mainly affects retail banks working with individuals and individual customers.
What data does the banking sector collect?
These banks collect large amounts of data about their customers, a volume that is constantly increasing as the sector undergoes digital transformation.
In addition to banking data, i.e. all the identifiers needed to carry out transactions, such as account or card numbers, the types of data collected are varied:
- identification and contact information
- professional, economic or financial status;
- economic or financial status;
- family data;
- even health status, etc.
All this data is at the very heart of the activity of financial institutions and enables them simply to get in touch with their customers, but also to assess their financial and overall situation in order to better understand their needs and propose personalised offers, and to determine the credit limits to be granted. Finally, all this information is used in part to combat terrorism and money laundering in accordance with the “Know Your Customer” regulation to which banks are subject.
The collection and processing of all this banking data is therefore essential to banking establishments, and given that its value continues to grow, securing it within the banking sector is now partly a matter of respecting the principles of the GDPR, as we shall see in the next article in our dossier on banks and the GDPR…