News & Insights

Achieving GDPR compliance through better collaboration

Esther Groen, Lead Banking & Payments at INNOPAY, says that recent conversations with a cross-section of organisations in the Mortgage industry reveal that upwards of 75% of companies see GDPR as fundamentally a compliance exercise. And many are still concerned about their readiness for the May deadline:

"GDPR is creating a framework in which customers will have more control over their own data, and this is forcing complex business change. The Mortgage industry, which has many independent parties involved throughout the value chain, will need to become more transparent about how customers' personal data is used. This poses a challenge for organisations that are not used to dealing with personal data in this way, or who have legacy systems and processes that are not customer-centric".

And the potential penalties for non-compliance are considerably more draconian than under the existing 1995 directive. Organisations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million (whichever is higher). And arguably the reputational damage to companies in the Mortgage industry – which is necessarily a 'trust business' – will be even more serious.

The lack of clarity over who is responsible for data across the labyrinthine mortgages value chain is particularly concerning for many organisations. This is especially challenging for smaller players which often lack both a comprehensive view on, and an ability to control, how personal data moves through the chain. GDPR will mean that smaller players find it increasingly difficult to manage their liabilities in comparison with their larger counterparts.

We believe that the primary means of overcoming this challenge should be through more effective collaboration across the entire value chain. And organisations should begin by taking practical steps along this journey:

1. Map out how customer data flows through the value chain

2. Analyse where responsibilities lie

3. Identify what opportunities exist

4. Take a short- and medium-term view on risks and opportunities

And as Esther cautions, "Don’t try to solve all of this on your own. There are benefits in addressing some topics in a collaborative process across the entire value chain. By working together, responsibilities will become clearer, and liabilities more easily quantified. And this is where INNOPAY can really help."

Reaping long-term benefits

Once the compliance boxes are ticked, companies can focus on GDPR's potential to revolutionise the way the Mortgage industry operates. Personal data, both within the industry and across the Financial sector as a whole, will become easier to access and, with customers' increased confidence, more readily shared. And this will deliver new business benefits.

Vincent Jansen, Partner at INNOPAY, says, "By better regulating – and creating more trust in how personal data is handled – GDPR will increase customers' confidence and allow their data to be shared and injected into more processes. So, by offering control to the customer, in the end more data exchange will happen and more services will be enabled".

Vincent continues, "If you take the concept of Customer In Control even further than GDPR requires, the Mortgage industry eco-system could adopt and further develop complete data sharing services which empower customers to decide in which services they want to use their data. We see huge potential for the development of data 'schemes' (e.g. framework agreements) which elegantly connect networked products that are hosted by several parties. In this way, you can benefit from 'data sharing as a service', deliver greater customer-relevance by offering new products, and create new value which is based on personal data that can be captured in new business models."

INNOPAY has experience of helping sectors to develop these types of initiatives. iSHARE, a Logistics sector supply chain project, is a recent example. And as Esther concludes, the essential ingredient for success is collaboration amongst all parties in the eco-system.

"GDPR offers organisations the opportunity to open up, become more relevant to their customers, and go beyond their initial services portfolio. The Mortgage industry has a particularly high need for personal data and already manages a huge identity for customers. If companies can access this data and share it efficiently, they can leverage it in many ways. But they need to cooperate for this to happen – this is what Openness and Customer In Control are all about. And GDPR gives you to tools to do that."

If you would like to discuss any aspects within this article, feel free to contact us. We are more than happy to think with you and determine how we can help.