The DPO Centre Index was created earlier this year to provide outsourced Data Protection Officers and EU Representation. The DPO Centre’s Data Protection Officers work with a wide variety of organisations managing personal data within the Fintech, Medical, Healthcare, Tech, eCommerce, Charity and Not-for-profit sectors. As well as fulfilling the statutory requirements set by legislation, the DPOs assist in identifying how evolving data protection legislation will affect organisations and the steps they need to take to comply.
Rob Masson is a data protection specialist and CEO of The DPO Centre. He is described as a serial entrepreneur, and has been able to found, scale and successfully exit from three technology organisations over the course of the last 30 years.
What has been the traditional response to financial innovations?
The Financial Services industry is heavily regulated and the standards for data and privacy have always been high. However, complying with these requirements hasn’t always been seen as customer friendly or commercially positive, and many complexities remain for those organisations whose legacy systems are in need of updating to enable compliance. Fintech providers mostly do not have these legacy issues. Fintech offers a clear opportunity for a new, more efficient, effective, and customer-friendly approach to finance. However, there are privacy and data protection issues which need to be addressed. The speed, intangibility and global nature of digital finance could create unforeseen regulatory gaps.
The first DP Index results suggest that changes to the political environment such as Brexit are also causing their own data and privacy issues that Fintech companies will have to understand. The adaptability of the sector will mean responding more quickly than other more traditional business sectors. However, the requirement to review and implement appropriate transfer mechanisms when transferring personal data outside the UK will remain a major consideration.
How has this changed over the past few years?
In the rush to provide solutions, many UK organisations have put data protection and privacy solutions in place that may now need to be assessed to ensure they remain fit for purpose. The key questions that Fintech companies need to be asking are:
- Where are the solution providers located?
- Where are their servers located?
- What technical and organisational measures do processors have in place to protect any personal data that is shared with them?
- Are processors subject to data requests under local surveillance laws?
- Do they rely on other businesses (sub-processors) to provide the service and if yes, where are they located?
Asking and understanding the answers to these questions will help organisations comply with their accountability and data transfer obligations under the GDPR. The alternative is that organisations risk breaching data privacy and data security laws.
Is there anything that has created a culture of change inside the company?
The inaugural DP Index results indicated that whilst most data protection professionals believe the UK is ahead of other countries in how it manages data protection and privacy, there are calls for greater investment as privacy issues grow in importance.
The impact of Brexit is a key concern as dataflows between the UK and the rest of the world are set to become more complex, and this has been further complicated in the aftermath of the recent Schrems II ruling, which invalidated transfers of personal data to the US under the EU/UK Privacy Shield mechanism.
What Fintech ideas have been implemented?
To make the financial customer experience easier and more ‘open’, the sector relies on Artificial Intelligence (AI), Machine Learning (ML) and automated decision making. Financial technologies use our personal data to customise the user experience, make lending decisions and manage risk. But what happens if data protection is compromised? Many Fintech companies are acutely aware that to gain engagement, trust and transparency in their service, protection of personal data is paramount.
What are the industry challenges on the horizon?
Data Protection Index members are calling for greater investment in internal resources, software systems and staff training, but only a quarter expect their budget to increase in the next 12 months.
Data protection is one of the fastest-growing areas of business in the UK and Covid-19 has placed it firmly at the top of the agenda for most companies. The initial findings from the DP Index show how vital it is for organisations to get this right because of its impact across every part of a business, from employees, to clients, to complying with the requirements of regulatory authorities.
When given a range of options to rate as their biggest challenge in complying with the GDPR over the next 12 months, the three most popular choices were:
- Accountability/demonstrating compliance 22%
- Data retention 18%
- Brexit 15%
Can these challenges also be aided by Fintech?
Fintech is playing a vital role in creating new, faster and more frictionless ways to use our data effectively and to connect in a new way with our finances. At the same time, data protection and privacy are of increasing importance to data subjects, so Fintech organisations need to ensure they implement processes and procedures that demonstrate transparency and build trust.
The UK Data Protection Index (organised by The DPO Centre and Data Protection World Forum) is conducted every quarter and will therefore build a unique picture of the profession and its evolving views over time. The full report can be found here.
The UK Data Protection Index has been launched by the Data Protection World Forum and The DPO Centre to gain insight into what UK data protection professionals see as the big issues over the coming months. The use of financial technology and solutions has advanced exponentially over the past few months, driven in part by the fallout from Covid-19, with customers demanding new ways of working. These businesses’ smart finance-related solutions range from payment gateways to alternative forms of financing and digital insurance, using a variety of innovative solutions such as AI and Blockchain.
Nonetheless, whichever Fintech solutions UK businesses choose to embrace, they must consider them alongside their ongoing data protection responsibilities.