GDPR, a pitfall or an opportunity?

Businesses should focus on how compliance with data privacy laws can enhance customer experience and increase brand loyalty

Much has been written about the introduction of General Data Protection Regulation (GDPR) in May this year. Most of the noise thus far has revolved around the responsibility and risk levied at organisations, however not much has been written about the opportunity GDPR offers up in terms of enhancing the customer experience and increasing brand loyalty.

But before we dive into this…

What is GDPR?

GDPR will create a single set of rules within the EU for data protection. More specifically, GDPR applies to ‘personal data’. This is any information that can directly or indirectly identify a specific person. The general rules related to data protection have not changed radically, but non-compliance is expensive with steep penalties of up to €20 million or 4 percent of global annual turnover, whichever is higher. We see it as an evolution, not a revolution.

Whom does it apply to?

The scope of GDPR is extremely broad. It applies to businesses dealing with personal data in the EU, even if the business is not based in the EU. It also applies to businesses based in the EU, even if they are dealing with the data of people living outside the EU.

How does payment data fit in?

Payments data is at the heart of every business, it is directly related to conversion and your bottom line. Consequently, this data is of highest value to hackers, and needs maximum protection. Businesses have to share customer data with their payments provider for various reasons. It may be for payments processing, data storage or to enable risk solutions. It’s important to partner with a payments provider who is not only PCI compliant, but can also guarantee that they will meet the requirements of the GDPR to avoid hefty fines.

Role of a payments partner in GDPR compliance

A payments partner should ensure that the data you share is handled safely and securely at all times. For example, along with PCI Level 1 certification, they should have a proven track record of securely handling data. Your payments partner can also assist you in providing evidence of compliance to the regulators.

 

How is payments data secured?

PSPs have various methods of ensuring that data is secure and cannot be misused. The common ways to secure payments data are:

• Encryption: Encoding data in such a way that only authorised parties with a valid key can access the data. Encryption algorithms are used to encrypt data and create the key.

• Tokenisation: A process where sensitive data is completely removed from a system and is replaced with a unique, randomly generated token. Business systems can use the token to retrieve, access or maintain the data stored at an offsite, secure location making it highly impossible for hackers to access the data.
  
   

Now that we’ve covered the basics, let’s explore how a payments partner can help you leverage the data provided by your customers and bring added benefits to your business and your customers. Simply put, insights from data allow businesses to modify and tweak various systems to smooth the customer journey and increase conversion. Some examples of this would be:

• Offering familiar options: When foreign customers land on your checkout page, you can offer the option to pay using local payment methods popular in the specific country/region they are from. Using Germany as an example, this could be Sofort or Giropay. This can occur even when your customer is travelling and transacts via a different IP address, giving him a consistent and convenient payment experience wherever they are.
  
  
• Securing transactions: Data also helps a business secure every transaction. Thanks to data provided by customers to authenticate themselves, businesses quickly identify fraudulent activity. For example, if your customer’s card details come from a suspicious IP, or other data doesn’t match, the transaction will be flagged and sent for extra authentication ensuring that only the right customer with the right details can make the payment.
  
  
• Enhancing customer experiences: Repeat customers who have registered their payment data can experience a seamless user journey with one-click payments. Businesses should look for a PSP which offers payment pages which recognise returning customers, and pre-fill the fields for a specific payment method allowing them to check-out quickly and easily.   

Mutually beneficial

When it comes to data privacy, GDPR will create a framework for amicable coexistence between businesses and their customers. It’s important to educate your customers about the role data plays in offering secure transactions, and a superior customer experience. The current updates to payment regulations such as PSD2 or PCI DSS, in combination with GDPR, will ensure safer payments and secure data processing. Couple this with offering data-driven benefits to your customers and we find ourselves in a win-win situation. While businesses across the world race against time to be GDPR compliant and meet the requirements for the ever-changing laws, businesses that take a positive approach can turn this regulation into an excellent opportunity to gain customer trust, create tools for higher conversion and increase brand loyalty.