How Danske Bank uses third parties to clean data for GDPR | Analysis of the Deal

By David Beach | 19 February 2018

bobsguide sat down with Marion Rybnikar, Head of Data at Danske Bank UK, and Stuart Harvey, CEO of Datactics, to discuss the monolithic task of data management in the face of GDPR and PSD2.


Marion, tell me how one comes to be Head of Data at a major global bank.

Marion Rybnikar (Danske Bank): I completed a Physics degree before spending ten years at the New York Stock Exchange and Chain Reaction Cycles. I've had an interesting career through investment banking, ecommerce and now retail with Danske Bank UK.

It’s interesting that you came to data with a physics background. That’s one difficulty with how quickly data science is changing - the universities simply can’t teach students quickly enough.

Danske Bank: Yes; anyone can be a data analyst nowadays if they have an Excel spreadsheet, but making that data actionable is a different story entirely. It’s why I personally look to recruit physicists or mathematicians rather than exclusively computer scientists. I think physicists and mathematicians can get unique insight into data where computer scientists come at it from a linear and logical route. Quite often you can send physicists off and they’ll find a solution to a problem which is great for getting the most out of data.

Stuart Harvey (Datactics): My background is in computer science, so I would be very linear and logical!

At Datactics we have two types of people, we have developers who develop our platform and a large group of data engineers and scientists who take our platform and help clients build their solutions on top.

Over the last ten years, we’ve focused on data quality and matching. We started with the challenges of Big Data around government and supply chains. Three years ago, the company made a strategic decision to branch into banking, insurance and data compliance. Most of our clients are based outside of Ireland and Northern Ireland, so it’s great to work with someone based in the same city.

What does this partnership hope to achieve?

Danske Bank: From our perspective, the primary reason for working with Datactics has been for the FSCS and Single Customer View (SCV) file to make sure that our data is as accurate as possible for the compensation scheme. We looked at buy and build options, but landed on a Proof of Concept with Datactics which has worked out well. The PoC took a couple of weeks and was very smooth.

Datactics: We were very pleased with the PoC, and see this as being a bridgehead into retail banking. We have a couple of major UK retail banks running PoCs, but this is the first one to get signed off, so this is a platform that will enable banks to look at FSCS as well as other regulations out there. What I hope we’ve achieved with Danske is that our platform sits on top of their loan, risk, customer data as an engine, and that data is an input into any new regulation.

The combination of our fuzzy matching and Big Data experience allows Marion to turn the handle pretty quickly in providing regulatory reports for the Bank of England or PRA.

Danske Bank: Taking the SCV files and running them through Datactics is pretty much a push button task.

What exactly is the Datactics’ platform providing to Danske Bank?

Datactics: Our solution is installed at the bank to sit on their data silos. We extract information related to customers, products, deposits and loans. We score that data against Data Capability Assessment Model (DCAM). DCAM has a range of classifications around completeness and accuracy of data. We use those parameters of data quality to score the data. We can then match the data to give a single customer view which is important for the purpose of reporting.

This is our crown jewel - doing very sophisticated fuzzy matching at scale to provide single customer views for regulatory reporting or business intelligence.

What are you hearing from the industry? How ready are banks for GDPR?

Datactics: In the last six months, we’ve discussed GDPR with roughly 20 European firms and the single customer view is at the heart of that legislation. What I’ve seen is that most resources and time are being spent on the front end of capturing a subject access request and the means of documenting that. 

I don’t think it’s a big surprise that we’ve only seen investment in the front end, with little investment in the back end. I think a lot of people are waiting to see how GDPR will play out before deciding which aspects of the backend to invest in.

Danske Bank: That’s a fair summary. GDPR is one the biggest projects Danske has ever undertaken; we have hundreds of people working on it across the Danske Bank group. The vast majority of that work effort has been to do with the customer facing side of things around consent and data access rights. The bit I’m involved in is how we’ll use data internally i.e. profiling. Firstly, we want to meet our legal obligations and then we can look at how to use our data and ultimately improve customer experience.

On a similar note, how do you think Open Banking play out?

Danske Bank: We’re excited by the prospect of Open Banking as it will create the opportunity for customers to share information about how they operate their bank account with companies they trust. We’re keen to be at the forefront of Open Banking and launched the ‘Open Banking Challenge’ to support and develop the best of local innovation in this area. We’re lucky in that Belfast has a great fintech scene deriving from the ‘Wombat’ effect - it would seem that nearly everyone in the Belfast fintech scene ‘graduated’ from Wombat after they were bought by the NYSE.

Going back to the initial recruitment question, we also have a close relationship with the universities in Northern Ireland and have a knowledge transfer programme with Queen’s University to nurture the best and brightest of data scientists post-graduation.

Many banks will be concerned with implementation, particularly where third parties are concerned. How smooth was the process and where is the software run from?

Datactics: As Marion mentioned, our PoC took a matter of weeks and that’s not hyperbole. We completed a PoC recently in Reykjavik which consisted of two engineers working on 10% of a bank’s data, trialling and evaluating our technology. The reason we’re able to do that is because our product ships with thousands of out-of-the-box documented rules around different regulations so that we can run pre-canned reports; essentially, we’ve predigested legislation and turned it into a set of rules. When we turn up at the bank, we plug in our platform and the bank can go.

Danske Bank: I was really impressed with how smooth the implementation process was. I’ve been involved with PoCs in other organisations and they can be very painful and time consuming. When the Datactics engineer came in, we showed her where our data sources were, what we would ideally like and there was really very little toing and froing. By the end of the first week she had preliminary results out and by the end of second week we had our data running through 120 rules - the majority were out-of-the-box and some were bespoke to ourselves.

Within the two weeks, they created the prototype of connecting their software our BI tool Tableau and creating a dashboard as well. The customer service was also very important post-implementation and that’s more to do with the culture and size of the company.


bobsguide is hosting a webinar titled 100 day countdown to GDPR: Are you ready? on March 7. Register for this free guide to GDPR compliance today.

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development