Five reasons why fintechs need to prioritise privacy

Fintech startups know reputation is everything when building a business. Here’s why privacy must be top of the list.

By Nigel Jones

Co-founder of the Privacy Compliance Hub

June 2021

The financial services industry doesn’t look anything like it did 20 years ago. The number of new entrants has skyrocketed, challenging established notions of how, why and when customers can engage with banks and other organisations. But some things never change – and compliance is one of them. 

At the Privacy Compliance Hub, we know fintechs are under constant pressure to rapidly deploy new applications and services. But these businesses typically hold and process large amounts of customer data, and innovation cannot come at the expense of privacy compliance. We work with startups such as Globacap, Wayhome, tomato pay, Credit Kudos and Onfido and have seen how making privacy a priority can pay dividends. 

With heightened regulatory and industry scrutiny of data security practices, and more customer pressure when it comes to preserving privacy, those that take compliance seriously will stand head and shoulders above the rest. Here are some of the challenges facing fintech firms, and how to address them.   

Building trust by protecting customer data

Customers care about privacy, particularly when it comes to their financial information, and are taking action to protect it. A third of UK organisations lose customers after a data breach and four in 10 customers say they’ll never return to a business after a security issue. Fintechs can boost the confidence of customers by demonstrating good privacy practices. That includes considering privacy implications at every stage of developing a new product or service, being upfront about how they’re processing customer data, and promoting the extra steps they’re taking to keep personal information safe. It’s what our co-founder Nigel likes to call “putting the PR into GDPR”.

Keeping up with changing regulation

Fintech innovation may move at a fast pace but there’s lots happening in the regulation arena too. Entrepreneurs risk finding themselves in breach unless they keep up to date, particularly if they plan to expand internationally. A fintech cyber security survey found 98% of the top 100 global startups have vulnerabilities in their websites and mobile applications. Using a tool like the Privacy Compliance Hub can help. Peter Edenholm, chief operating officer at tomato pay, says the Privacy Compliance Hub has made keeping up with privacy regulation as easy as it can be. “We meet regularly as a team and catch up informally in between to review what we’re doing and any regulation updates. For any new company that needs to achieve compliance, the Hub’s step-by-step process will help them understand their obligations very quickly.” 

Fighting rising cyber crime 

The World Economic Forum reported the pandemic led to a 50% increase in cyber attacks, with 71% of security professionals reporting an increase in threats since lockdown started. According to Accenture, the average cost of cybercrime is $16.7 million (£11.7 million) for banking companies, 28% higher than for other industries. But fintechs can respond proactively by investing in regular training – 90% of UK data breaches are, after all, down to human error. Jacob Herandi, finance project manager at Wayhome, says working with the Privacy Compliance Hub has helped his team: “The guidelines for champions, holding meetings and putting processes in place were especially useful. The Hub allows us to keep track of which team members have completed the built-in training.”

Carving out a competitive edge

In a competitive sector like the financial industry, a brand’s reputation could be the determining factor between success and failure. A strong and aligned data protection and compliance strategy can drive revenue and fuel growth. It shows your commitment to the safety and security of your customers and can be a key differentiator in acquiring new business. Organisations that get this right – like tomato pay, which appointed privacy champions in three key areas – know privacy compliance is an ongoing effort. “GDPR is not something you can just do, and you’re done – you have to keep doing,” Peter Edenholm said.

Making deals with partners

Fintech innovators that ignore privacy and security risk management are likely to be seen as too risky for potential clients and trading partners to engage with. That’s particularly true of those that provide software or tooling for traditional banks to make sense of their customer data. Taking the GDPR seriously is a badge of competence that will make clients more comfortable when working with new partners. But privacy is much more than just an obligation – it is a human right and a business imperative.

Build a culture of continuous privacy compliance

At the Privacy Compliance Hub, we make compliance easy for everyone to understand, care about and commit to. We call it a culture of continuous privacy compliance. Our platform, created by two ex-Google lawyers, provides a structured programme to follow, giving you the confidence you’re keeping your customers, investors and the regulators happy. Discover how it works here.
