How Safe Is Your Customer Data?

Data compliance in the evolving landscape of privacy laws can be tricky, especially in the BFSI industry. Datatechvibe spoke to BFSI leaders for strategic advice on how companies can approach compliance.

According to a Deloitte survey, 44% of app developers and publishers have transparent internal data governance to ensure proper handling of personal data. Although the focus on privacy is already having a profound impact, the BFSI industry, in particular, is at the forefront of the privacy battlefield and is tasked with finding the best practices for data compliance.

The privacy regulatory landscape is at its peak today, and it has become critical for organisations to keep up with data compliance, minimise privacy risk, build customer trust, and as a result, be able to create a sustainable and productive business.

As the BFSI landscape is undergoing a complete digital transformation, data compliance is at the top of the priority list. Datatechvibe spoke to BFSI leaders for advice on how companies should ensure data compliance. Here is what they had to say:

Esther Munyi – Chief Data & Analytics Officer at Sasfin Bank

DM_Esther Munyi

It is essential to establish a formal, sound, and robust data governance capability that provides oversight to ensure that the organisation complies with laws, regulations, and standards around its data and privacy. According to a 2019 survey by Edelman Trust Barometer, consumers trust technology firms more than banks. To mitigate this risk, it could be beneficial for banks to partner with FinTechs and share the risks associated with data compliance. Regulators are often perceived as a hindrance, but I disagree. They are proactively and reactively trying to ensure that organisations comply with regulations and keep BFSI firms accountable for using, storing, safeguarding, and retaining their customers’ data.

Kulani Likotsi – Head of Data Management and Data Governance at Standard Bank South Africa

DM_Kulani-LikotsiCompanies need to practically implement and embed data compliance requirements using technology. For instance, encryption can act as a powerful tool for protecting privacy. Ensure data is protected in transit and at rest to avert data breaches and cyber-attacks. Incorporate data subject rights considerations, data ethics, and responsible AI into the design of customer solutions. Educate all those with access to sensitive and confidential data on the importance of data privacy and how it applies. Execute the retention and destruction of data that is no longer necessary by business and legal rules to satisfy privacy laws.

Olamide Jolaoso, Head of Data Analytics at Wema Bank

Data Governance is as essential today as driving analytics to make business decisions. Technology leaders must establish structures within BFSI institutions that enforce privacy laws as obtainable in their geographic domains. The data governance function should be empowered to expand its influence and implement enterprise policies ensuring data confidentiality, protection and privacy.

Theo Groenewald, Head of Data Management at Discovery Limited

DM_Theo GroenewaldPrivacy by design, which considers privacy upfront as part of the System Development Life Cycle (SDLC), would benefit from data product-related strategies; however, it would add the complexity and time required to build new features. For IT to succeed in this, it needs strong support and champions for this cause from the business itself. Creating awareness of the importance of data privacy throughout the organisation should decrease the pushback on these initiatives.

Yomi Ibosiola, Chief Data and Analytics Officer at Union Bank of Nigeria

DM_Yomi-IbosiolaWhile many data privacy laws across Africa are modelled after the EU GDPR, organisations with operations across the continent still face challenges. To remain up to date, we prioritise keeping our data privacy and protection measures current. This includes ensuring platform security, providing employee training, and periodically updating data governance policies to align with ever-evolving regulations. We use encryption, access controls, and activity monitoring on key systems and reports to protect personal or KYC data from unauthorised access. Additionally, the DataGov app helps manage data classification to ensure all personal data is protected and secure.