Generative AI is having a moment and banks are now actively exploring how they can leverage it to ramp up the personalisation of their products and services. Yet this shines a light on their two competing priorities: Data-driven personalisation and data privacy.

Banking customers will accept nothing less than a hyper-personalised user experience. But secure and private data are also non-negotiables. In other words, banks need to collect vast amounts of customer data to deliver personalised products and services without breaching customer trust or regulatory standards. And exploring customisable GPT solutions increases data privacy risks, as vast data sets are scraped from the internet and private customer data is fed into large language models.

In this blog post, we’ll outline why personalisation and data privacy matter, the tension that exists between these objectives, and how financial services companies can properly manage customer data to meet regulatory standards and give their customers peace of mind.

The hyper-personalisation imperative

The call to action is clear to banks: Personalisation drives more impactful marketing, optimised sales conversion, and improved customer satisfaction. Data analytics will help banks to close the gap that is opening up between their customers’ personalisation expectations and the reality of their banks’ offerings: Over 90% of global consumers say they want their bank to understand their needs, but only a third say their bank does this.

Aggregating vast troves of customer data into a centralised customer data platform and applying machine learning-powered analytics will be critical to banks’ quest to improve the customer experience through personalised products and services.


The data privacy tension

Financial services firms need to be careful about how they collect, manage, and use customer data to avoid a loss of customer trust and regulatory sanctions.

While customers increasingly expect experiences tailored to their unique needs, they are also concerned about the privacy of their personal data. Sixty-five percent of global consumers worry that their data is collected without their consent. And financial services customers stand out as especially data privacy-conscious: It is by far the industry in which data privacy matters most to its customers.


Inspired by the EU’s General Data Protection Regulation (GDPR), data privacy regulations are spreading across the globe. Banks will increasingly have to navigate local and global data privacy rules. The substantial data privacy fines dished out to big tech firms Amazon and Meta portend what is in store for financial firms that fail to meet rising standards.

The UK’s data regulator - the ICO - warned organisations in April about the data privacy risks associated with generative AI technology. The ICO flagged risks around transparency, automated decision making, lawful basis for data processing, and individual rights requests. Banks must be able to explain how they collect and process customer data and make decisions - but generative AI models are extremely complex and difficult to understand or explain. Key individual rights under data privacy regulations - such as “the right to be forgotten” - could also be difficult to carry out when using machine learning models.

Regulators are also in the process of drawing up AI regulation as AI increasingly plays a role in decision making in financial services. Banks will need to ensure that they are prepared for new rules on the responsible use of AI that focus on accountability and explainability, among other areas.

How to navigate the personalisation and data privacy tension

Financial services firms can still manage data privacy risk while accelerating their personalisation journeys with the following five steps.

First and foremost, organisations must put in place a data privacy compliance framework. A data privacy framework builds on data governance foundations to set out a company’s policies and procedures relating specifically to data privacy, including the identification of risks and access management. Data privacy policies and procedures will be key to assuring compliance by demonstrating to auditors the steps taken to minimise risk.

But a data privacy framework will only be effective in practice if a top-down data privacy culture is embedded within the organisation. Executive sponsorship will ensure that those tasked with delivering the framework are empowered to do so. This will also encourage the rest of the organisation to embed data privacy practice into their ways of working.

Gartner highlights four ways to properly manage customer data in its recent article “How to Straddle Personalization and Privacy.”

  1. Be Explicit: Give customers more control over how their data is processed with consent and preference settings.
  2. Be Transparent: Privacy settings should clearly lay out how and why a company intends to use and manage customers’ personal data.
  3. Ethical Data Management: The value that data use cases bring to the customer should be at the heart of a company’s data management strategy. Ethical data management means reflecting on not only if a company can use data but also if they should use that data, with the customer in mind.
  4. Minimise Data Collection: Define each data use case to ascertain what data is actually needed to limit data collection.

Firms also need to maximise their capture of first-party data as third-party cookies are finally phased out for good. First-party data is collected directly with the consent of the data owner and will become increasingly important to marketers in a cookieless future. It is also often more valuable and accurate as it is not aggregated like third-party data. First-party data can be collected through interactions or searches on apps or responses to marketing campaigns.

It’s also important for financial services companies to better understand their customers’ preferences in relation to data privacy. Not all customers are willing to trade their data for personalised services. Organisations need to segment their customers into two broad groups accordingly and ensure that they don’t cross the line with those customers who don’t want to feel their provider knows too much about them.

Customers want data-driven personalisation, but on their terms

Eighty-six percent of global banking customers would exchange their data for a more personalised experience. Yet data privacy concerns are growing: Only 40% of global consumers trust brands to use their data responsibly and keep it secure. It is imperative for organisations to balance their need to give their customers the personalisation they crave while not infringing on the privacy of their personal data.

How can BJSS help financial services become data driven while managing data privacy risk?

BJSS has deep expertise in working with financial services firms to help them become data driven while managing data privacy risk and meeting regulatory requirements. Our recent experience includes:

  • Helping a Major UK Retail Bank to Build a Data and Analytics Platform: We helped the bank to deliver machine learning solutions into production and support the definition and delivery of a bank-wide platform for data and analytics.
  • Helping Better Solve Customer Problems: BJSS delivered the capabilities to facilitate the building and productionising of machine learning models for to better serve its customers.
  • Enabling a Leading UK Insurer to Become Data-Driven: We rapidly developed the Data Analytics Platform (DAP) in just seven months, which allowed the insurer to become a first-mover as a data-driven insurer that can drive customer value and improve its competitive advantage.
  • Helping a Global Insurer on the Path to GDPR Compliance: We successfully delivered a GDPR Compliance project ahead of time, re-establishing governance procedures and processes.

Want to know more?

We regularly hold sessions with financial services leaders on the best way to leverage digital solutions to achieve faster sales and profit growth. Get in touch if you’d like to know more about data analytics, data privacy, or our other areas of expertise in financial services.