Finance industry must work together to ensure GDPR privacy notice changes are effective
As companies prepare for new general data protection regulation (GDPR), Steve Martin, Data Protection Officer at Equifax highlights the importance of a consistent approach to making privacy notices understandable and accessible:
“Data sharing and analysis can bring huge benefits to consumers, but raises concerns about how personal information is used, and who can access it. The new general data protection regulation will apply to the UK from May 2018 and emphasises the need for transparency over how personal data is used. It’s a major development designed to provide new rights for individuals, and also strengthens some of the rights that exist under current legislation.
“A core element of GDPR is to ensure companies communicate clearly with consumers, with important provisions around privacy notices detailing how a company manages data. To achieve the regulation’s objective of better communication with consumers, it’s vital that financial service providers work together to agree common wording for these notices. Our industry is notorious for using too much jargon and the changes GDPR brings are an opportunity to improve the public’s understanding of how their personal information is used and kept safe, and their rights to access, control and correct information held on file.
“Sharing data, for example between lenders and credit reference agencies (CRAs), helps to fight fraud and enables consumers to access the right financial products, receive relevant communications, and better manage their finances. We have over 400 lenders in the UK and current privacy wording, for example on applications forms, varies from company to company. This increases the risk of confusion for consumers and potentially limits how data can be used; data can only be shared lawfully if the correct notifications are provided at the outset. To maintain the public’s trust and facilitate the ongoing sharing of data between authorised parties, the industry must ensure privacy notices are both compliant and consumer friendly. We must strike the right balance between being thorough yet concise, transparent and informative, without overwhelming our customers. Our industry is heavily interconnected and it is only by applying a joined-up approach that customers and the companies that service them can truly benefit from on the secure sharing of accurate, relevant data.
“Equifax is working closely with other CRAs to develop standardised wording to explain our role. Lenders will be able to use this, or signpost their customers to it, so that the industry delivers the clear and consistent information that consumers deserve.”