Personal data protection – an inconvenience or an opportunity for innovative banks?

KYC
Posted on Categories All, Blog

The GDPR is nothing short of a revolution when it comes to protecting personal data. Passed back in 2016 by the EU, it is about to become reality. And despite initial fears and doubts regarding its nature, companies should rejoice. Customer acquisition via digital channels will soon become much easier.

The GDPR, that is the General Data Protection Regulation, is the biggest set of changes related to personal data processing in years. It’s only natural that many companies approach it with caution. But if you look at it closer, it becomes clear that the GDPR brings a multitude of solutions that will make it much easier and more secure to acquire new clients through digital channels.

LiveBank, the virtual bank branch, has been developed to meet the very same requirements that were laid out in the GDPR since its conception. As a result, it already complies with it. What’s more, the changes introduced by the GDPR may help companies to realize the full potential of video banking.

LiveBank vs GDPR

The LiveBank virtual bank branch aims to combine the biggest selling points of physical branches and web/mobile apps. It allows all clients to perform various banking operations (from opening an account to more complex, such as applying for a loan or mortgage) without setting a foot outside of their house. At the center of the virtual banking branch is video banking, that is the ability to have a video chat with a consultant, at the customer’s convenience. For this to be possible, the digital onboarding (or eKYC) process is used to verify the client’s identity. That’s where the GDPR comes in.

Let’s take a look at the entire process of user interaction with virtual banking to clearly see the benefits the GDPR brings to the table for banks.

  1.  Acquire client consent during an online video session, without any formalities

According to the new regulations, the customer can give their consent in any form, including by voice. It also refers to the so-called sensitive data, which, until recently, required a written consent. It is important to remember that the consent must be a clear and active initiative of the customer.

  1.  Inform your clients about their rights in a clear and comprehensible manner

During a LiveBank video connection, when contacting the bank staff, the customer is not only entitled to give the consent for data processing, but also to receive specific information such as the span and purpose of the processed data. What’s more, they will learn about their rights, including ways to change or delete their data. Recital 58 of the GDPR reads: The principle of transparency requires that any information addressed to the public or to the data subject be concise, easily accessible and easy to understand, and that clear and plain language and, additionally, where appropriate, visualisation be used.

The video channel and direct contact with the consultant is a perfect medium for that purpose. Additionally, LiveBank allows both parties to exchange files and provides tools for screen sharing and message visualization.

  1.  Benefit from the legal coverage of the digital onboarding (eKYC) process

New directives, which introduce the GDPR, are supposed to allow banks for processing biometric data and data from IDs to identify or authorize a natural person’s identity, and to authenticate an activity performed by a natural person. The Digital Onboarding component included in LiveBank allows for verifying a customer’s identity in a few simple steps, which are managed by the bank consultant.

In this process, after obtaining the customer’s permission, the consultant takes pictures of both the customer’s ID and the customer’s face, which will later be used for data verification and biometric analysis. The whole process is recorded, including the customer’s face pictures and their documents, and archived (more in the next paragraph). Once the customer’s identity is successfully verified, the consultant may proceed.

  1.  Record whole sessions and make full use of LiveBank’s register of data processing

According to the new regulations, it is the data administrator’s (in this case, the bank’s) responsibility to obtain and store the customer’s permission in a way that makes it possible to certify that the permission was properly acquired, for example in case of a legal dispute.

LiveBank allows for video, audio and chat recording, including presenting materials as well as business and technical activities. Files and pictures exchanged with the customer are also registered. Every recording has a unique ID number and is accessible only by people with appropriate rights.

  1.  Share data with clients in a convenient way

Now that customers have their own record in banking systems, according to the new regulations, they also have extended rights to access their data. The customer may want their data to be revised, completed, transferred, forgotten, or may object to data processing altogether.

LiveBank Recorder Player module provides tools for managing saved personal data and recorded sessions. The module allows for processing this data – playing, deleting or correcting typed texts (recordings and pictures cannot be changed). It is also possible to export the customer’s text data in easily accessible file formats.

  1.  Respect the right of the customer to be forgotten without any inconveniences

In some specific cases (especially when the data is processed only on the basis of permission, and not on the basis of a clear law regulation), the customer has the right to be forgotten. LiveBank supports this law by sharing report with the structure of the customer’s stored data with the admin. Each conversation is presented with all its elements, including video recordings, audio recordings, chat recordings, saved files or data filled into forms. System admin has the power to make the selection and tag the data, which is to be permanently removed from the system.

  1.  Make your and the customer’s data more secure with pseudonymisation

The GDPR introduces the term „data pseudonymisation” as a means to limit the risk related to data processing. Pseudonymisation is processing data in a way that makes it impossible to associate it with a specific person. LiveBank uses pseudonymisation mechanisms to manage operation and session records conducted in the system.

How to turn the GDPR into your competitive advantage? By changing your perspective

The task of protecting personal data entails a variety of responsibilities – that’s beyond question. As a result, the banking sector’s cautionary attitude toward it is totally understandable. However, a closer look at it shows that the GDPR makes the boundaries of what is allowed and not allowed clearer than ever before, making it easier and safer for banks to introduce innovative digital solutions. First signs of its influence can already be observed. In the past few months, the Bank Zachodni WBK, which has been using LiveBank’s virtual bank branch since 2015, has decided to implement the technology of digital onboarding as well, giving their clients access to their full offer from just about any place on earth.

If you think about the GDPR as a chance rather than an inconvenience, you open yourself up to the world in which digital banking can flourish without any obstacles.