Five Data Policies that will impact FS in 2023

As consumer attitudes to money alter amid the cost-of-living crisis, it’s vital that privacy policies are implemented to ensure that financial data is used in a controlled and secure manner. This is because such data is highly sensitive and must be protected according to international standards.

To that end, data privacy continues to be a key talking point within the European Union. Alongside this, there is a proliferation of new privacy laws and amendments to existing laws to contend with.

In particular, there are further global developments to be aware of in Australia, Japan, Taiwan, Vietnam, India, Qatar, UAE, Saudi Arabia, Turkey, Canada, Argentina, Switzerland, and several US states, as well as in the UK. Almost half of these are G20 economies, so such changes are anticipated to be important given the inextricable links between information-driven trade ecosystems.

Simply put, should a business suffer data loss of any kind, it risks severe penalties that could impact its business continuity and wider reputation in the long term. Here we outline the statuses of five data policies that could make an impact on the financial services industry in 2023…

UK Data Protection Reform

The Data Protection and Digital Information Bill, otherwise known as the DPDI Bill, was published in July 2022 but hasn’t yet progressed through the legislative process. GDPR in the UK will not be replaced, but there will certainly be a shift away from viewing regulation as merely a box-ticking exercise in 2023.

UK Addendum and International Data Transfer Agreement

Since September 21, 2022, new contracts that involve the transfer of personal data to areas not under UK GDPR now use the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses. Existing contracts approved under the Data Protection Directive (Directive SCCs) will be valid under UK GDPR until March 21, 2024, provided operations and the contract remain unchanged and data transfer is secure.

ICO Guidance and Transfer Risk Assessment (TRA) Tool

The UK Information Commissioner’s Office (ICO) published new guidance on data transfers in November 2022, and provided a new TRA tool. Companies can also choose to follow the European Data Protection Board’s (EDPB) advice.

Future UK Adequacy Regulations

The UK Government will be issuing new post-Brexit adequacy regulations, while conducting adequacy assessments with Australia, Colombia, the Dubai International Financial Centre, Singapore, the US, and South Korea. In the future, this group will go on to include India, Brazil, Indonesia, and Kenya. In addition to this, the UK’s adequacy regulations will also cover credit information processed by controllers.

ICO25 and future regulatory approach

The ICO25 will aim to regulate and review the impact of predatory marketing calls, the use of algorithms within the benefits system, and the use of AI software in recruitment for which neurodiverse or ethnic people weren’t considered and tested, and to support children’s privacy.

All of the above legislation points to how data privacy and protection is now a truly global cause.

In 2020, many industries were forced to move their processes fully online. For example, in the UK, temporary Covid-specific guidance on how to conduct Right to Work checks was introduced for employers, and the ability to perform checks digitally is now permanent.

The simple fact of the matter is that the digitalisation of manual processes improves the user experience and offers enhanced security when processing and storing personal documents and data. Individuals can assess whether data is being handled in a secure and compliant way, something that is impossible to confirm when employing manual, more admin-heavy methods.

It’s crucial - now more than ever - that businesses are aware of their duty to protect all customer and employee personal information. Organisations can reduce risk and vulnerability to fraud using digital identity verification to securely verify identity and address documents.

They should also question vendors on their approach to data protection and privacy, to ensure the highest standards are in place so that their business is not placed at risk. By integrating digital solutions that have data protection at their core, companies can overcome any vulnerabilities and develop authentic relationships with their customers.

Top tips for making the most of customer data

These three top tips aim to support businesses as they leverage customer data, while also respecting consumers’ right to privacy:

  • Build trust by taking customer preferences seriously and listening to what consumers want, in line with regulations such as the EU GDPR

  • Manage and take advantage of vast amounts of data while ensuring privacy

  • Harness trust to retain customers.

To that end, employers should treat data privacy processes as a chance to reflect upon the current state of data governance in their organisation, and as a prompt to identify any opportunities for improvement.

Generally speaking, the more transparent a business is on the use of consumer data, the more likely customers will be to have faith in that business and opt to share their information. This means responding appropriately to a customer’s marketing preferences and ensuring all data is stored in accordance with GDPR. Making data privacy a priority is the only way businesses can truly turn customer data into profitable insights that drive growth, success and innovation.

If you’re looking for the best professionals when it comes to implementing data privacy policies and frameworks within your financial services organisation, please get in touch with Mike Ayres, our Principal Compliance & Risk Consultant: mayres@merje.com.