GDPR alignment - FS

THE COMPANY

WorldFirst - An international foreign exchange brokerage working to provide better rates than the banks in both B2B and B2C markets, with specific focus on expansion within the Chinese market.

THE GOAL

Transform existing communication mechanisms between clients and FX traders to comply with GDPR regulations.

THE CUSTOMERS

Private, Corporate and Ecommerce clients in; The UK, The US, Hong Kong, Singapore, Australia and The Netherlands. 


In App Messaging Centre

THE CHALLENGE

The introduction of GDPR requires all PII, and communications of bank statements or information relating to trades to be secure and behind a customer log in. There was no way for FX dealers and clients to communicate and share PII in a secure manner. In addition, the majority of the email communication between the FX dealers and clients were manually written and triggered to send, causing great inefficiencies and leaving space for human error.

THE APPROACH

Discovery needed to cover all bases; legal requirements, internal users and external customers. Working across a range of stakeholders to find a solution was key. Discovery included;

  • Becoming a subject expert on the related areas of GDPR

  • Mapping existing process and identifying PII data sent to clients

  • Auditing all information sent to clients to ensure necessity and identify the source

  • Conducting competitor research into in app messaging centres to understand the range of experiences and expected behaviours

  • Understanding the needs and expectations of our clients given their vast range of existing experiences with other bank and messaging apps

THE SOLUTION

The solution needed to be technically viable, meet business needs, comply with regulations, result in an easier journey for our clients and be feasible within the tight timelines.

A basic messaging system was designed to sit within the online customer account behind their secure log in. All financial and PII information was safe and secure and easily recallable for the customer and the FX dealer. In the customer facing web application, we created an inbox showing; date ordered messages, message content, attachments, read and unread messages. We focused on desktop view initially, following customer research showing that 80% of the time clients would check messages from WorldFirst on their desktop computer at work.

MVP meant there was no ability for the client to respond to their FX dealer within the message centre, however this was a fast follow. In addition, the message centred was prioritised within the mobile app experience backlog.

In application inbox

 

Considerations for future iterations

Building an in app inbox was the first step required to meet GDPR regulations. Future iterations looked at enabling the inbox in our mobile apps and adding additional functionality around notification to enhance experience. Discovery work was then done to understand what makes a good/useful notification and how/whether we should go about integrating this functionality into our product.

Different types of notifications

  • User generated notifications and context driven notifications

  • Notifications often require immediate action and if they don’t then they can just be seen as an unnecessary distraction. A passive notification provides information to the user but does not require them to take action at the exact time.

We would like to aim for smart notifications - context and event driven. Notifications like this could be used going forward to remind clients about certain tasks they need to complete such as funding a trade before the agreed date.

What makes a good notification?

Non-interfering: A notification is a timely alert however it can distract the user. The main characteristic of a notification is that it should be non-interfering. It should achieve the purpose of letting the user know that something important is on the way.
Small in size: A good notification should be as small as possible but effective at the same time.
Contextual: Anything in context works better, timing is everything

Provide just enough information to allow the user to decide if they would like to proceed or not. Give the user control and allow them to make the choice to proceed or not
Allow users to adjust their notification preferences

When not to use notifications

If the user does not need to take immediate action. Make sure notifications are always something a user Needs to know.