GDPR – It’s Not A Threat, It’s An Opportunity!

Much has been written about GDPR in recent months and the impact it will have on businesses in the UK, the remaining EU states and also those global businesses that trade with the EU. Many of the numerous articles, blog posts, webinars and other GDPR content focus on fines and the compliance challenge of this new legislation. But what about the opportunities?

Does GDPR provide online businesses with an opportunity to engage customers and improve the customer journey? In this post Mike Doyle, Senior Product Owner at Secure Trading, shares his thoughts on this subject.

GDPR As An Opportunity For Online Businesses

According to a study commissioned by NetApp in March 2018, over 67% of global businesses are concerned that they will fail to meet the GDPR deadline. The same survey finds that “35% of global businesses think that GDPR could threaten their existence, while 51% think that it could lead to damage to their reputation”. What is becoming increasingly clear from talking to fellow payments professionals is that whilst the burden of GDPR compliance for consumer data-dependent organisations is obvious, the opportunities associated with GDPR are very real and significant but much less obvious.

While I’m sure that most readers will already be aware of what that burden is, here’s a brief recap:
All businesses that haven’t done so already will need to reach out to their customers and re-seek explicit consent for using their personal data. Implied or inherited consent is no longer a sustainable option as the lazy defence for non-compliant businesses, and the consent that they now seek must be explicit, clear and concise.

After May 25th customers and business partners now have, amongst other rights, the right to:

• Be clearly and concisely informed how their data will be used
• Access their personal data to view it
• Rectify or amend their data
• Request their data be deleted
• Portability of their data

The burden is significant but one could argue that many of the follow-on opportunities offered by enabling GDPR compliance outweigh the up-front burden of enabling the above. GDPR presents a great opportunity to communicate and engage with your customers and build loyalty and awareness. If you are a business that is concerned about the cost of GDPR compliance then this is good news for you.

Integrating a 3rd party solution to assist with the consumer consent required for GDPR can offer multiple value-added use-cases. There are many solutions available, but typically a single stop GDPR solution and framework can allow businesses to:

  1. Expand the channels available for customer engagement, moving communications off email and into a mobile app. GDPR solution providers are now offering businesses B2C app-based integration with consumer data.
  2. Re-engage with customers and use GDPR as a legitimate opportunity to reconnect with dormant or occasional customers who may be interested in hearing the latest news on your business.
  3. Leverage the re-seeking of consent to also capture ID&V documents for KYC where required.
  4. Deploy a consent management platform that uses Strong Customer Authentication (SCA)*. Binding trust via SCA to a device allows this trust to be extended across customer interactions to facilitate a much smoother customer experience with less friction and more conversion.
  5. Use SCA to step-up riskier transactions only as and when required, meaning that authentication can be used as the exception rather than the rule, and stronger fraud-solution providers can take on the role of risk-orchestration.
  6. Build in a biometric (thumb-print, face detection) sign-on mechanism for website logon to optimise the customer experience. This removes the need for passwords and provides a slick and secure sign-on process.
  7. Short-cut the work required for Open Banking Payment Consent should the merchant wish to become a Third Party Payment provider. Consent can be given to allow payment information to be shared with FCA approved providers.

More importantly, solutions from providers like are supplied as Software-As-A-Service (SaaS) models that offer transparent pricing, flexibility, scalability and can be integrated in hours as opposed to lengthy internal development work.

GDPR offers genuine opportunity for hardening and ‘re-enforcing’ the Data Governance policies and processes that were required, but not sufficiently detailed or enshrined in legislation, by the forerunner to the GDPR: the Data Protection Act.

A mature Data Governance policy has a well-documented positive impact on a business’s bottom line and the discipline it instils will decrease future complexity around customer-facing product design, and interaction and solution design in general. In short, good data-governance saves money!

If you would like to discuss this subject in more detail please contact me on 0333 240 6000 or email [email protected]

About the author:

Mike Doyle joined Secure Trading in 2017 as Senior Product Owner after twenty years working in the financial services industry. He has extensive IT experience with a specialisation in payments systems design and financial crime detection, bringing this expertise to Secure Trading to help our customers increase conversion and protect their organisations from payment fraud and cyber crime. Connect with Mike on LinkedIn here, or contact him directly on +44 (0)203 691 2697 or [email protected]

*Strong Customer Authentication is a way of increasing the reliability of authenticating a customer by using two or more of:

• Something they are (fingerprint, voiceprint, retina-scan etc.)
• Something they possess (phone, security fob, driver’s license)
• Something they know (password, knowledge-based-questions)