Regulations and mandates often strike fear in C-suites and compliance managers, as they automatically gravitate toward how these could restrict them or hold back their business. Focusing on the punitive measures that accompany regulations, however, prevents organizations from realizing that compliance can help enterprise’s reach new customers, understand existing customers better and tackle long-delayed infrastructure projects. Figuring out how to monetize a regulation should motivate leaders, not the fear of fines and penalties.
Discussions around the EU’s General Data Protection Regulation (GDPR), for example, tend to focus on the steep fines that accompany the regulation. Meanwhile, enterprise sentiment around the Second Payment Services Directive (PSD2) seems to be more positive, but concerns remain that the regulation will impact some organizations’ business models. Given the media coverage around both regulations and their potential impact on organizations, here are some of the positive outcomes that can accompany complying with each one.
GDPR: A better data strategy means better customer insight
GDPR forces organizations to think more intelligently about their data strategy. Under GDPR, businesses can only retain customer data until the original purpose it was collected for is completed. Once that objective is achieved, the data has to be deleted. GDPR also requires organizations to implicitly ask for consent before collecting a customer’s personal data and explain how this information will be used. What’s considered personal data includes a person’s name, phone number, email address, birthdate, bank account details, credit card numbers, IP addresses and passport information.
Organizing data from the 28 EU member states provides companies with a better understanding of international customer buying behavior. Data that shows a preference for lemon-scented cleaning products in Germany, for example, could justify the business decision to sell other lemon-scented household goods in that country. What appeared to be a menial data organization activity actually generated data intelligence that raises revenue.
Better data on who’s interested in your product presents an opportunity to market to people who are more likely to buy what you’re selling. A database of people who consented to having their email addresses used in marketing email campaigns means these prospects want to hear from your company. They’ll be less likely to delete promotional emails and more inclined to open them and perhaps make a purchase.
GDPR also requires companies to follow established cybersecurity practices and take technical and organizational steps to reduce the risk of a data breach and protect sensitive consumer data. With cybersecurity now a board-level topic and fallout from incidents impacting quarterly earnings, a robust security program is essential. GDPR’s cybersecurity mandates could minimize the impact of an attack, reduce the risk of a breach or help a company recover faster from an incident – all outcomes that positively affect an enterprise and its bottom line.
PSD2: SCA leads to more secure digital lives
PSD2 aims to foster more competition among financial service providers while better protecting consumers when they shop online. The regulation has two key parts: one dealing with open banking, which went into effect Jan. 13, 2018, and one around using strong customer authentication (SCA) to better protect people from cybercrime. That component goes into effect on Sept. 14, 2019.
Under open banking, banks must share a person’s financial records with qualified third-party payment service providers if the customer consents. These records contain details like how much people spend on everything from their mortgage to groceries to travel to what loans they’ve taken out. Opening up banking data to third parties could lead to new products and services that help people better manage their money.
Open banking could also mean more loan customers for commercial banks. Using data analysis to identify less risky borrowers, banks could offer new clients mortgages with low interest rates and other customized consumer lending products, for example. Better determining who is more likely to repay a loan means new businesses, the self-employed and small businesses – groups that have traditionally been viewed as credit risks – could be given credit lines. Meanwhile, non-bank providers have the potential to move into the payment space, opening up a new market for them. And banks and non-banks alike can use PSD2 as a catalyst for infrastructure changes that were desired but lacked backing or budget.
Open banking is also likely to lead to business benefits that have yet to be realized. Startups, for instance, could use banking data to create mobile apps or websites that help people budget better or easily view and manage the accounts they have across multiple financial institutions.
SCA, which requires people to use two-factor authentication to approve certain online purchases, can increase customer confidence that personal information like credit card numbers will be better protected from fraud and cybercrime. There’s also the chance that the more people use two-factor authentication for online shopping, the more likely they’ll be to use the technology to secure other aspects of their lives. Any measure to better protect our digital identities is a welcomed development, at a time when data breaches are becoming common occurrences.
Whether two-factor authentication is embraced for SCA and in people’s daily lives depends on what authentication methods are used. Compared to other forms of two-factor authentication, biometrics is the ideal choice for offering people a convenient and secure way to verify their identity. Using a fingerprint and smartphone to approve a purchase is easier and faster than having to remember and type in a password or searching text messages for a PIN.
Let regulations work for your organization
Smart leaders view compliance as more than checking boxes to meet government mandates. They see regulation as a chance to implement projects that can give the organization an advantage over competitors, learn more about customers and boost sales. With the right outlook, regulations can benefit your company.
James Stickland is Veridium’s CEO. This column previously appeared on Finextra’s website.