by Dharmendra Patel @ Pushfor | 20th June 2017 8:32 am
The introduction of updated General Data Protection Regulations has businesses across the country assessing how they collect, use and store customer data.
These days, organisations are always asking us for more information. How many times have you had to hand over copies of your birth certificate, passport or driving licence? How often have you had to provide a bank statement, or utility bill?
It’s such a frequent request that we’ve started to take it for granted. But do we really know what happens to our information once we hit the send button?
Just the other day, I was on the phone to an insurance provider and they requested a copy of my passport. Okay, I thought, this is a big, reputable company so if they need a copy of my passport, why not give it to them?
But why did they need it?
I asked the operator why they needed the information, and what would happen to my information once I sent it over. Her response was quite simple – if you want us to underwrite your insurance we need that information otherwise we cannot proceed.
In short, “send us the information or don’t get insured”. There was no transparency. No information on how my passport information would be used, or on how they planned to safeguard my details. How secure where their systems? How sure could I be that their servers wouldn’t be hacked and my passport details published on the internet?
Not long after this, I opened an email from Betfair. It demanded that I upload proof of my address, or it would suspend my account. There was no mention about what would happen to that information after I uploaded it – simply a warning that failure to provide the information would cut off my access to my account and the funds in it.
So, why do they need all of this information?
Compliance forces almost every organisation to collect personal information as a requirement of doing business. They need to know who they’re doing business with. They need to build audit trails of data.
This information then needs to be updated regularly. My passport expires this year, so I know I’m in for a deluge of requests for a copy of my passport.
But, does it need to be this difficult?
Streamlining and securing Know Your Customer
Of course, wherever there’s a pain-point in our lives, there are people with ideas on how to solve it. Organisations are emerging that promise to consolidate the copious amounts of data that flow between people and organisations. They then make secure third-party access available as part of a subscription service.
That’s great, right? Now we have other companies making money from my personal details. Well, at least I know that my data stands a good chance of being held securely.
But how does this aggregator deal with third-party requests for my information? Are they just doing the same as me and sending the information to the third party? If so, what’s more secure about them sending this information?
What happens if I don’t want to use that service anymore?
There really needs to a way for people to have complete control and understanding over how their KYC information is distributed and stored – something beyond a simple report.
Experian tells me today if someone does a financial search on me, so why can’t that extend to my KYC information. I should be able to see which organisation is accessing my information, why they are accessing my information and when they are accessing my information. More importantly, I should be able to withdraw that information at any time.
This is my right under GDPR. Organisation’s KYC processes need to become much more accessible and transparent if they want to maintain confidence in the services they provide.
Source URL: https://www.gdpr.associates/pushfor-know-your-customer/
Copyright ©2020 GDPR Associates unless otherwise noted.