The biggest privacy challenges for FinTechs in 2022

By Nigel Jones, ex-head of Legal at Google EMEA and co-founder of the award-winning Privacy Compliance Hub explains how to ensure privacy concerns don’t put the brakes on FinTech investment and growth next year

The FinTech sector is one of the UK’s standout success stories, attracting more than $4bn in investment across over 400 deals in 2020 alone. It’s second only to the US, with more capital invested than Germany, Sweden, France, Switzerland and the Netherlands combined.^[1]

In such a competitive space, teams are under constant pressure to innovate and develop new applications and services. Success will depend on the collection and processing of large swathes of customer data – particularly with the growth of open banking.

But that growth is at risk if FinTech leaders don’t get privacy right. Below are the top privacy challenges for FinTechs in 2022 and tips for leaders looking to build a business that can be trusted by customers, investors and clients alike.

Staying secure

Security is of paramount importance for the FinTech sector. It’s the second most popular industry for cybercriminals to target,^[2] with the average cost of a breach 28% higher than for other industries.^[3] Increasingly, firms need to be proactive about security – Cybercrime has become more sophisticated, widespread and relentless over the pandemic, with a 50% increase in attacks.^[4] FinTechs that fall victim to a cyber attack face losing customers and clients and a massive fine by the regulator. The ICO fined Ticketmaster £1.25m in 2020 for example, for failing to implement appropriate safety measures to keep its customers’ personal data secure, and British Airways was fined more than £20m for a data breach affecting 400,000 customers.^{[5] [6]}

Reputation

While related, privacy and security aren’t the same (although it’s impossible to have privacy without security). Whereas security refers to how personal information is protected, privacy relates to the rights an individual has to control their personal information and how it’s used. Privacy is good for business – both customers and investors want reassurance that privacy is covered. And as we’ve seen from Apple’s recent shift in approach, it can turn what many see as a back-office tick box exercise into a high value proposition that grabs market share and boosts the bottom line.^[7]

Championing the benefits of data sharing

With 664% YOY growth and 4 million customers and small businesses in the UK now using open banking products, data sharing is expected to grow significantly in 2022.^[8] But the expansion of innovative products and services using such data will be undermined if the public doesn’t trust the businesses behind them. Research by Ipsos for example found 75% of people would like to have access to data on how they spend their money but currently only 40% will provide the information to facilitate such insights.^[9] FinTechs that reassure their customers by being more open about the way that data is used will be best placed to make the most of this opportunity.

Keeping up with regulations

The GDPR and UK GDPR, the Data Protection Act 2018, the recent Data Sharing Code of Practice, not to mention Brexit and court decisions such as Schrems 2 … the list of privacy regulations and the regular changes to them can appear long and unwieldy. Post Brexit, the UK has adopted its own copy of the GDPR, so organisations that already comply with the EU GDPR needn’t worry – for the moment. However, things could get complicated for FinTechs looking to expand internationally if the two laws diverge. Having a clearly structured privacy compliance programme, implemented by an internal cross-departmental team that meets regularly to discuss any changes to the way customer data is processed, will help businesses react quickly if needed.

Creating a culture of continuous privacy compliance

Privacy isn’t a project. It isn’t just something for the legal department. It’s the collective responsibility of the entire organisation. Almost all (90%) of UK data breaches are down to human error.^[10] But when employees understand why privacy matters, they care about it and they take appropriate action to protect it. That takes regular training, and a workplace culture that considers the implications for privacy at every stage of the customer data lifecycle. Fast-growing FinTechs aren’t burdened by legacy technology and processes, but they must make sure they incorporate an ethical privacy culture from day one.

Building trust with an increasingly privacy-conscious public is key for success. But it’s about way more than just promising to keep customer data safe. FinTechs need to demonstrate they take privacy seriously by being transparent about how they collect personal data, what they need it for, the extent to which this is shared and why, as well as pointing to ways they keep it secure. FinTechs have driven a revolution in the banking sector by increasing competition, providing great customer service and attracting billions in investment. Let’s not allow poor privacy compliance to put all of that at risk.

Author biography

Nigel is the co-founder of the Privacy Compliance Hub, a former Google executive and head of its legal team for Europe, the Middle East and Africa. Nigel has more than 30 years of legal experience advising companies on technology, data protection, privacy and the pragmatic steps available to cut risk, meet regulatory requirements and manage data breaches.  https://www.privacycompliancehub.com/

^[1] https://www.innovatefinance.com/news/the-uk-retains-its-crown-as-europes-capital-for-fintech-investment/

^[2] https://www.itproportal.com/features/security-challenges-within-the-fintech-sector/

^[3] https://financialservicesblog.accenture.com/cybercrime-in-banking-and-capital-markets-technology-and-human-vulnerabilities

^[4] https://www.sciencedirect.com/science/article/pii/S0167404821000729

^[5] https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/11/ico-fines-ticketmaster-uk-limited-125million-for-failing-to-protect-customers-payment-details/

^[6] https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/ico-fines-british-airways-20m-for-data-breach-affecting-more-than-400-000-customers

^[7] https://www.ft.com/content/074b881f-a931-4986-888e-2ac53e286b9d

^[8] https://thefintechtimes.com/token-its-time-for-psps-to-board-the-open-banking-payments-train/

^[9] https://www.finextra.com/newsarticle/36692/consumers-remain-suspicious-about-open-banking

^[10] https://www.infosecurity-magazine.com/news/90-data-breaches-human-error/

By Nigel Jones, ex-head of Legal at Google EMEA and co-founder of the award-winning Privacy Compliance Hub explains how to ensure privacy concerns don’t put the brakes on FinTech investment and growth next year

The FinTech sector is one of the UK’s standout success stories, attracting more than $4bn in investment across over 400 deals in 2020 alone. It’s second only to the US, with more capital invested than Germany, Sweden, France, Switzerland and the Netherlands combined.^[1]

In such a competitive space, teams are under constant pressure to innovate and develop new applications and services. Success will depend on the collection and processing of large swathes of customer data – particularly with the growth of open banking.

But that growth is at risk if FinTech leaders don’t get privacy right. Below are the top privacy challenges for FinTechs in 2022 and tips for leaders looking to build a business that can be trusted by customers, investors and clients alike.

Staying secure

Security is of paramount importance for the FinTech sector. It’s the second most popular industry for cybercriminals to target,^[2] with the average cost of a breach 28% higher than for other industries.^[3] Increasingly, firms need to be proactive about security – Cybercrime has become more sophisticated, widespread and relentless over the pandemic, with a 50% increase in attacks.^[4] FinTechs that fall victim to a cyber attack face losing customers and clients and a massive fine by the regulator. The ICO fined Ticketmaster £1.25m in 2020 for example, for failing to implement appropriate safety measures to keep its customers’ personal data secure, and British Airways was fined more than £20m for a data breach affecting 400,000 customers.^{[5] [6]}

Reputation

While related, privacy and security aren’t the same (although it’s impossible to have privacy without security). Whereas security refers to how personal information is protected, privacy relates to the rights an individual has to control their personal information and how it’s used. Privacy is good for business – both customers and investors want reassurance that privacy is covered. And as we’ve seen from Apple’s recent shift in approach, it can turn what many see as a back-office tick box exercise into a high value proposition that grabs market share and boosts the bottom line.^[7]

Championing the benefits of data sharing

With 664% YOY growth and 4 million customers and small businesses in the UK now using open banking products, data sharing is expected to grow significantly in 2022.^[8] But the expansion of innovative products and services using such data will be undermined if the public doesn’t trust the businesses behind them. Research by Ipsos for example found 75% of people would like to have access to data on how they spend their money but currently only 40% will provide the information to facilitate such insights.^[9] FinTechs that reassure their customers by being more open about the way that data is used will be best placed to make the most of this opportunity.

Keeping up with regulations

The GDPR and UK GDPR, the Data Protection Act 2018, the recent Data Sharing Code of Practice, not to mention Brexit and court decisions such as Schrems 2 … the list of privacy regulations and the regular changes to them can appear long and unwieldy. Post Brexit, the UK has adopted its own copy of the GDPR, so organisations that already comply with the EU GDPR needn’t worry – for the moment. However, things could get complicated for FinTechs looking to expand internationally if the two laws diverge. Having a clearly structured privacy compliance programme, implemented by an internal cross-departmental team that meets regularly to discuss any changes to the way customer data is processed, will help businesses react quickly if needed.

Creating a culture of continuous privacy compliance

Privacy isn’t a project. It isn’t just something for the legal department. It’s the collective responsibility of the entire organisation. Almost all (90%) of UK data breaches are down to human error.^[10] But when employees understand why privacy matters, they care about it and they take appropriate action to protect it. That takes regular training, and a workplace culture that considers the implications for privacy at every stage of the customer data lifecycle. Fast-growing FinTechs aren’t burdened by legacy technology and processes, but they must make sure they incorporate an ethical privacy culture from day one.

Building trust with an increasingly privacy-conscious public is key for success. But it’s about way more than just promising to keep customer data safe. FinTechs need to demonstrate they take privacy seriously by being transparent about how they collect personal data, what they need it for, the extent to which this is shared and why, as well as pointing to ways they keep it secure. FinTechs have driven a revolution in the banking sector by increasing competition, providing great customer service and attracting billions in investment. Let’s not allow poor privacy compliance to put all of that at risk.

Author biography

Nigel is the co-founder of the Privacy Compliance Hub, a former Google executive and head of its legal team for Europe, the Middle East and Africa. Nigel has more than 30 years of legal experience advising companies on technology, data protection, privacy and the pragmatic steps available to cut risk, meet regulatory requirements and manage data breaches.  https://www.privacycompliancehub.com/

^[1] https://www.innovatefinance.com/news/the-uk-retains-its-crown-as-europes-capital-for-fintech-investment/

^[2] https://www.itproportal.com/features/security-challenges-within-the-fintech-sector/

^[3] https://financialservicesblog.accenture.com/cybercrime-in-banking-and-capital-markets-technology-and-human-vulnerabilities

^[4] https://www.sciencedirect.com/science/article/pii/S0167404821000729

^[5] https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/11/ico-fines-ticketmaster-uk-limited-125million-for-failing-to-protect-customers-payment-details/

^[6] https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/ico-fines-british-airways-20m-for-data-breach-affecting-more-than-400-000-customers

^[7] https://www.ft.com/content/074b881f-a931-4986-888e-2ac53e286b9d

^[8] https://thefintechtimes.com/token-its-time-for-psps-to-board-the-open-banking-payments-train/

^[9] https://www.finextra.com/newsarticle/36692/consumers-remain-suspicious-about-open-banking

^[10] https://www.infosecurity-magazine.com/news/90-data-breaches-human-error/