GDPR in Practice: How Business and Customers Benefit from Personal Data Protection

[Carding Forum]

What benefits does a company gain from implementing GDPR principles? The expert shared her practical experience

During the GDPR Summit 2021 conference, the CEO of Moneyveo, Alena Andronikova, told in her report how the company implements the principles of GDPR, for what purpose, as well as the benefits that a business and a client receive from personal data protection.

According to Alena Andronikova, Moneyveo has approved a strategy for convergence with GDPR in 2019. Despite the fact that the company's clients are residents of Ukraine, and there are no legal requirements to comply with the GDPR principles, the company decided to move in this direction.

“Anyway, sooner or later Ukraine will come to these principles - it has already come to them in part. Therefore, our strategy is designed for the long term, ”said CEO Moneyveo.

Among the tools for protecting personal data according to the GDPR, the main ones are:

• legal (drawing up from a legal point of view manuals and rules according to which the company should work, as well as monitoring their implementation)
• organizational (access to personal data, control over compliance with the regime)
• technical (software that companies use locally to help encrypt data, mask it, double-identify it, etc.).

How are these tools implemented at Moneyveo?

• legal: collecting consent to the processing of personal data of clients. This is recorded in the contractual relationship with the client. “We ensure the legality and security of storing these personal data and their processing,” said Alena Andronikova;
• organizational: installation of control over information flows and implementation of preventive measures against data leakage;
• technical: GDPR principles are applied at every stage of development.

“From the beginning of the development planning - either a product or a feature - an information security specialist sets milestones and sets additional requirements. And so it goes through all the stages - planning, deployment and operation, ”says CEO Moneyveo.

Alena Andronikova, CEO of Moneyveo at the GDPR Summit Ukraine 2020.Photo by PaySpace Magazine
The expert named the following main risks of fraud in online lending:

• lack of communication between the client and the payment instrument. This is important, because for the complete identification of the client, it is important to carry out not only verification of the client himself, but also of the payment instrument that the client uses;
• open sources of information. In Ukraine, in the public domain, you can find the personal data of certain persons;
• lack of financial literacy. Part of the population has this problem, but many companies are already working with it. In particular, Moneyveo implements corporate social responsibility projects. For example, this year the series "Cybernyanya" was released together with the Ministry of Digital Science, which aims to improve financial literacy.

“Often, indirectly, we ourselves are the source of the disclosure of our personal data, without even knowing about it,” said Alena Andronikova.

So how do you reduce data fraud? According to the expert, this requires:

1. Creation of a unified platform for payment instruments.
2. Control over online platforms where personal data is available.
3. Implementation of new technologies and solutions for client verification - MobileID, BankID, FaceID.

Also, the CEO of Moneyveo shared some practical insights into the work of the Moneyveo service. In particular, the decision to issue a loan in a company is made within 22-23 seconds. During this time, antifraud checks are carried out: the system looks at the client's behavior, the peculiarities of working with the mouse and keyboard, etc. In 97% of cases, the decision is made by the machine. And to make one decision, Moneyveo uses about 100 external services, from which certain data are requested in order to determine the likelihood of fraud.

Alena Andronikova named the main benefits of GDPR for both business and customers.

For business, these are:

• a stream of quality customers is generated
• customer churn decreases
• the value and value of the company increases
• the company becomes attractive to investors
• the reputation in the eyes of the regulator improves.

For client:

• protection from fly-by-night companies
• protecting your bank account
• protection against fraudulent activities
• trust in a company that has significantly more tools to protect personal data.

It is worth noting that the company spends a third (33%) of its IT budget on information security.

As a reminder, on October 7, the GDPR Summit 2021 took place in Kiev. The site brought together leading experts from banks, microfinance organizations, fintech and IT companies, and the public sector. DPO, CEO, CIO, CRO, CCO, HR managers, business analysts and lawyers shared their practical experience in the implementation of GDPR in business processes.

The GDPR Summit 2021 was organized by the Ukrainian Interbank Association of EMA Payment Systems Members and the FinTech-magazine PaySpace Magazine. The event was supported by Moneyveo (Fintech sponsor), Nota Group, PSP Platon, Digital Ukraine.