Digital win-win: Protecting data for safer virtual interactions and positive business results

Author: Luis Maldonado, Professor IE University and Senior Advisor at everis

The General Data Protection Regulation (GDPR) was put in place in the EU with two objectives in the general effort to protect personal information. The first is for the consumer to have control over his/her information, and the second is to standardize criteria for all EU countries. This regulation applies to all European companies that store personal information and all companies that deal with data that belongs to European citizens. The GDPR consists of four general areas:

– Privacy. Entities must receive explicit consent from customers to use their information, and customers must have the ability to remove that permission at any given time.

– Security. Companies must secure data, encrypting it and training employees on managing sensitive information. The company must always be aware of the origin of the information in its possession.

– Transparency. Codes of conduct and certifications must be available by default. The company must inform customers of how data is used and stored. In the case of a data breach, it must be announced within 72 hours.

– Responsibility. Organizations that manage more than 5,000 clients per year must create a position for a Data Protection Officer (DPO). Since creating such a position can prove difficult for small- and medium-sized companies, one DPO is permitted to manage more than one organization.

Yes, there are perks to regulation

While restructuring and investing in technological resources to comply with regulations may seem like a major burden, according to everis and the IE Law School 2018 report “Technology in banking: the opportunity to comply and complete,” most companies view regulation as an opportunity to make positive changes to their businesses.

In many ways, regulation allows organizations to use their data more efficiently, resulting in the following benefits:

• The opportunity to manage data more effectively and better understand customer needs
• The chance to create new business models—possibly based on subscriptions or micropayments since GDPR limits personalized advertising
• The ability to strengthen or regain customers’ trust based on the more secure and careful handling of data

Streamlining the data collection process through data governance

Financial institutions have been hit the hardest by new regulations, because they require a great amount of information from their clients in order to minimize financial crime. To comply with new regulations, requesting such information requires improvements in data management. This can be done through a data governance framework to create an integrated system for securely managing large quantities of data. It involves defining responsibilities to effectively treat information, establishing standard procedures, and creating an implementation plan. Having a formal framework establishes a common purpose and enhances accuracy and thoroughness, leading to greater efficiency.

Successfully adhering to the framework, however, means that businesses must have access to the necessary tools, a common vocabulary, the proper structure and debugging of data, and the elimination of copies of information to minimize errors. Following these guidelines reduces inconsistencies and redundancies in information, overlapping of functions, and lack of efficiency.

An effective system of data governance allows organizations to focus on extracting value from the information they have, which results in a number of benefits:

– Better decision-making based on relevant information and a high level of granularity

– Fewer internal operating conflicts because management processes are optimized

– Use and access to data is democratized

– Products and services are personalized, which strengthens client relationships

– Standard processes are created and can be repeated

– Efforts are coordinated, which results in cost reduction and increased efficiency

– Transparency is ensured

An effective system of data governance allows organizations to focus on extracting value from the information they have. With care, efficiency, and compliance with regulations, the use of data results in positive gains for both customers and businesses alike

New technology and compliance

To comply with data regulation in the EU, adapting existing technology to new standards and the use of new technological solutions have become crucial. The three main innovations used to capture and connect information, leading to compliance with regulations are:

1. Big data: platforms store large amounts of data and allow fast and complex queries to be made on existing databases.
2. Cloud services: cost-efficient and effective migration and data processing. The GDPR recommends using pseudonymization and encryption tools for added security.
3. Master Data Management (MDM): Methodologies, tools, and processes for organizing and compiling information into one file. This is uniquely helpful because it provides a description of customers even if their degree of maturity is still insufficient.

Access the article in Spanish here

Luis Maldonado has developed his career finance, both in the public and private sector. He was advisor to the Minister of Economy in Spain, Director of Strategic Consulting at PwC and CSO for a retail bank. He has also worked for five years at the International Monetary Fund, where he held different positions, as advisor to the Managing Director and in the Monetary and Financial Markets Department. More recently, he was Managing Director of the PwC-IE Business School Financial Sector Center. Currently, he is professor at IE Business School, Senior Advisor at Everis and Senior Digital Financial Sector Specialist at the IFC (World Bank Group). Luis Maldonado holds a Ph.D. in Economics from Alcalá University, he is State Economist for the Government of Spain, and he holds Degrees in Law and in Business Administration from ICADE University.