Martin Symonds, Respond Professional Services Manager at Aptean, looks at the ongoing impact of GDPR as it celebrates its second birthday, and considers what steps financial services companies are taking to not only ensure compliance, but to enhance Customer Experience (CX).
In 2018 GDPR was introduced as a means of taking steps towards building a compliant data governance ecosystem. Since its introduction, businesses are having to embed new thinking and best practice into their cultures and processes, as a focus on data management continues to dominate the high level agenda.
Refusing to do so comes with a substantial price tag, with the UK’s Information Commissioner’s Office (ICO) issuing fines of up to 4% of a company’s annual turnover or 20 million euros, whichever is greater, for the worst data offences. And, of course there’s the cost of reputational damage which stands to accompany high profile breaches.
As the 25th May (2020) marked GDPR’s second birthday, and with 90,000 data breach notifications and 144k complaints to Data Protection Agencies (DPAs) in the period to May 2019, many hold the view that GDPR is only just at the beginning of its journey.
And with media coverage, government campaigns and growing familiarity with data privacy consent forms, consumers are inevitably becoming increasingly savvy to their rights, resulting in a projected increase in both requests and complaints in the years ahead. But how prepared are financial services organisations, and to what extent are those preparations integrated with their customer experience (CX) strategy?
The devil is in the detail
In reviewing strategy and processes, it goes without saying that it’s absolutely crucial to consider the way in which the eight different rights requests specified under GDPR, and associated complaints, are managed.
While anyone can register a complaint about the handling of someone’s personal data with the ICO, in reality many requests and complaints are likely to come into the respective company directly. This poses a number of challenges for those without a common means of capturing inbound requests or complaints.
This common means of capturing feedback from any channel, whether that’s a web form, e-mail, social media, branch or call centre, is particularly important when considering the relationship between GDPR and CX, because in addition to incurring potential fines, the way in which these inbound requests and complaints are managed can make or break a customer relationship. Managing requests or complaints in an efficient, consistent manner not only demonstrates best practice and instils confidence with the regulator, but the right approach can induce goodwill and customer loyalty. More often than not, inbound customer interactions are either seeking information or complaining, but if handled well, the experience can be transformed from a negative to a positive one.
Closing the feedback loop
Taking this a step further, capturing these unique insights into the nature of all GDPR interactions, irrespective of channel, will provide valuable feedback to inform data and privacy processes, allowing organisations to track data better, and ensure the correct permissions are sought on every occasion, providing organisations with the potential to mitigate future requests.
Transitioning to a new landscape
Having completed its transition phase, there’s no doubt that GDPR is embedding itself further into the cultures and psyches of the industry, and driven by a number of factors, the next 12 months are likely to see a continued increase in consumer awareness, rights requests and complaints.
The good news is that the financial services industry has a solid track record of compliance with strict privacy and data protection rules, and firms are accustomed to working closely with regulators. Processes are therefore likely to be more established than counterparts in other industry sectors, and these industries will be looking at financial services companies for guidance on best practice
By capitalising on the very best tools available, companies can embrace this new landscape safe in the knowledge that, not only are their complaints management processes able to support all channels and types of request, but that they can leverage these increased volumes of interactions to really enhance the customer experience, consistently, and with confidence.