Published: Friday September 15, 2017
A blog post by Karyn Bright, Group Marketing Director at GBG.
With just over 8 months to go, the noise around implementation of GDPR has started to get a lot louder! Basically, for any organisation that deals with any of the 510 EU consumers and employees, the way we collect, verify and store personal information (what we call ‘identity data’) is set to change dramatically.
As global specialists in the use of identity data intelligence, we help organisations make decisions every day about the consumers they serve and the people they employ. In the majority of cases this relates to improving customer experience without increasing risk. But the threat of risk is about to get much higher and much of what we do today focuses on ensuring that customers’ processes are using identity data in a totally compliant manner.
Image source: Linklaters.
Here are our top tips to ensure you are taking every possible care in processing personal ‘identity’ data:
- Be totally transparent as to why you need this data. What will you use it for? How will this benefit the end consumer? For instance; when buying a new bike recently, the sales assistant asked for my mobile number - and immediately clarified that this was in case they needed to contact me if the bike was recalled for any reason.
- Dependent on what you need the data for, you may need to collect explicit permission. But collecting personal data so you can carry out a KYC, money laundering or age check does not require specific consent.
- Validate all the data you’ve been given immediately at point of registration; don’t base future decisions on incorrect data.
Regulated industries are mandated to verify the identity of their customers or staff. But it also makes good sense if you’re dealing in high value goods and services which are likely to attract fraudsters.
- Ensure that no additional data is ever revealed to your own staff or the end customer - our GBG ID3global service returns a simple ‘Pass/Fail/Refer’ result which ensures not just compliance but avoids potential for future abuse.
- Ensure you store all data - including document scans - within approved countries and allow for anomalies in local data regulations.
- Make sure you have a clear, and easily accessible audit trail so you can prove who checked whom, when.
Business processes run smoothest when the data they rely on are accurate and fit for purpose.
- Ensure you continuously challenge the organisation as to why you need any particular data item.
- Continuously refine customer journey maps to maintain transparency and ensure you are always processing data the right way - keep customer data clean!
- Get a Total Customer View. Ensure you can identify a customer across any device or channel as they will carry any issues around consent with them!