With ever-increasing amounts of data being collected and GDPR looming large over the regulatory environment, DealTrak’s annual F&I Conference looked at how business should be preparing for these. Jonathan Minter reports
Since Facebook was founded in 2004, social media has gradually become an incredibly important part of people’s day-to-day lives.
Despite its importance today, it was not immediately apparent just how valuable the information companies could derive from social media was, and how powerful it could be.
It was not until the work of Michal Kosinski around the turn of the decade that the ramifications began to be fully understood.
Kosinski created an app that enabled users to fill out different psychometric questionnaires in the form of an online quiz. Based on that evaluation, users would receive a personality profile, as well as the option to opt in and share their Facebook profile data with the researchers.
It was on Kosinski which Martin Hill, managing director of DealTrak, chose to open the 2017 F&I Conference. Hill noted that using the data these tests collected, Kosinski and his team were able to prove that, on average, with 68 Facebook likes by a user it was possible to predict their skin colour with 95% accuracy, their sexual orientation with 88% accuracy, and even political affiliation to 85% accuracy.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataHill explains: “Before long, with just 10 Facebook likes, he was able to evaluate somebody better than their average work colleague. Seventy likes were enough to outdo what a person’s friends knew about them. One-hundred-and-fifty likes were enough to outdo what someone’s parents knew about them. Three-hundred likes were enough to outdo what their own partner knew about them. Much more than 300 and it could even, in some instances, surpass what a person knew about themselves.”
With data so important, it is little surprise that regulators are beginning to look at how companies are collecting, storing and using consumer data – most notably with the upcoming General Data Protection Regulation (GDPR), which will be enforced from May next year.
According to Gary Hibberd, managing director of consultancy Agenci Information Security, GDPR should not be too difficult for companies to implement. He said: “If you are doing the right things, and you are following the Data Protection Act, which has been in place since 1998, then you are in a fairly good place, you should not have too much to fear.”
The key to GDPR is thinking about it not as protecting data, but as protecting people: “What are the standards to which you hold your own personal data, and that of your partners, and your kids, and your parents? That is what we are talking about.”
An example if this is around consent – one of the six given reasons for which you can process data. Hibberd said: “Consent is one of those areas which is currently being discussed by the ICO. It is yet to provide final guidance on it, but consent needs to be clear; it needs to be obtained clearly.
“If it is on data you already own, the question you must ask is, under what lawful basis are you processing this data? And if it is under consent, the next question is, how can you demonstrate you have obtained consent?”
This customer data can be useful for both the customer and the business, by making the customer journey much easier or more in line with customer expectations.
Freddy Kelly, chief executive officer at Credit Kudos, explained how data collected today can help improve car buying. The typical website asks requirements such as how many seats are wanted, or how big an engine the customer desires. In some cases it might ask lifestyle questions, such as if you want a city runaround or a country car.
Instead, Kelly suggested: “Google tracks pretty much everywhere you go if you have an Android phone, as does Apple with iPhone. They have a big, rich dataset, which shows where I go, what time, how often – all of that information. This seems to me to be a better place to start in terms of asking for input into what my basic need for a vehicle is.
“In addition to location, we have social data, which is an incredibly powerful tool to help understand our desires.”
This latter point reverts back to just how much a company can tell about a customer from their social media profiles – how many likes would it take to predict what kind of car would suit a customer, based on factors including demographic, geography and needs?
“There is a really rich set of data there to enrich the customer journey, provided we provide the right controls around consent and authorisation.”
Tara Williams, director of Icomply Online, pointed out that one of the pitfalls she sees with companies is that they tend to be reactive to compliance. In the case of GDPR and other regulations, it can be a case of “doing X because we have to”. She describes this as reactive, and as a result “we think there is an immediate danger, and we must get an answer in. We sometimes put processes in place that don’t have as much thought to them as they could have.”
Instead, she said, an effective risk programme needs effective governance, and relies on the tone at the top of the business: “The tone that says we want to do it, not because we have to do it. Without this tone at the top in business, we will constantly hit culture issues with regards to anything we do.”
Bringing it back to GDPR, she said: “GDPR is not just about ‘have you got the security?’. It’s about how you maintain it, how you regulate, how you use that within the business. It comes back to the risk framework.”
This was not just the case for GDPR, Williams explained, but of regulation in general. “To take the remuneration paper as an example: The likely rules to come as a result of the consultancy paper are that you must be able to recognise the risks that come from your incentive pay plans within your business. And you must be able to mitigate that risk.”
Jo Christmas, head of conduct risk for Barclaycard International, also touched on this, saying: “Remuneration schemes have to be seen to support good customer outcomes. That means looking closely at remuneration schemes to ensure they avoid conflicts of interest.”
This is just one of the areas Christmas touched on, as she looked at how the industry was changing. She said: “We believe the environment will continue to be dynamic, and expect to see more headlines from the Bank of England, as it continues to keep a close eye on levels of consumer indebtedness, and firms’ ability to respond to a more stressed economic environment. In the motor industry, dealers are seeing competition from OEMs creating direct to consumer propositions, fintech and comparison sites entering the market, and ever-closer regulatory scrutiny.”
On this last point, Christmas pointed out it should not come as a surprise that regulators are taking a closer look at the industry. Motor finance point of sale is now the third-largest consumer lending market in the country, below mortgages and credit cards.
One area which appears to be getting a lot of press attention is PCP, which Christmas said “offers clear benefits to consumers, including an affordable payment option and providing flexibility by giving customers options at the end of the term”.
Despite this, she warned: “The risk to consumers from PCP is more limited than for lenders, but may be heightened when there has been an inadequate assessment of affordability or a lack of clarity for the customer.”