May 25th, 2018 is almost here and nearly two years after the European Union’s 2016 announcement, the regulation partially designed to put individuals back in control of their personal data will come into force. And shortly in the wake of #DeleteFacebookand the Cambridge Analytica scandal, most banks and insurers are breathing a sigh of relief. After investing millions of pounds in GDPR compliance, appointing a Chief Data Protection officer and wrangling with legacy data systems, reporting and handling, most financial institutions feel prepared for GDPR D-day and potential smug compared to some of their counterparts in the tech world.

In many ways, GDPR has been a blessing in disguise for financial firms. After years of data negligence in the wake of the financial crisis, GDPR has forced banks and insurers to reckon with their housing and handling of customer data. From rationalising and streamlining a patchwork of legacy systems to a bias towards collecting vs. leveraging reams of data without a clear use in mind, in many ways, the EU’s controversial regulation is a blessing in disguise for CIOs and CTOs across the continent and beyond.

But the positive story shouldn’t end there. Here I outline 3 opportunities for banks and insurers in the wake of GDPR.