Banks and financial institutions are privy to a large amount of sensitive and personal data. Not only that, but they hold their customers’ investments and life savings in their hands so they need to be extremely trustworthy in order to inspire the necessary level of confidence in their customers.
Ever since GDPR came into play in the European Union, the need for data protection has intensified not only at a company-level due to the fees applied upon failure to comply but also at a customer-level due to the emphasis being put on their right to the privacy of their personal data.
However, GDPR is not the only regulation to affect the banking industry. Another European regulation has been put in place that changes the way Banks share customer data with third-parties. It’s called Open Banking.
But how can both these regulations coexist if one imposes the protection of data and the other facilitates its distribution, so to speak?
In order to answer this question, it is necessary to fully understand the concept of open banking and everything it entails.
Open Banking is a regulation that requires banks to release data to third parties at the request of a customer. It allows customers to make their financial data available to third-parties whose purpose is to execute financial transactions on their behalf or, manage their finances for example.
Take the example of Mint, a money management app that connects to the customers’ bank accounts and organizes their finances. The only way Mint is able to fulfill its purpose is if it has access to those customers’ financial data. This is possible through open banking and is only done upon the permission of the user.
But of course, if customer data is being shared there is always the risk of a breach so this has to be heavily regulated and undergo extensive risk management.
This means increasing customer security, through strong customer authentication and fraud detection systems.
In reality, both GDPR and Open Banking are about putting the customers in control of their own data. Both regulations offer consumers the control over which data is shared, for what purpose and for how long the data is available for use.
So, these regulations are not in conflict with each other, they are actually complementary in the sense that they have similar goals which are to provide the customer with the best service possible, one in terms of privacy and protection, and the other in terms of financial management and monitoring.