Open Banking: Care before you share

As Open Banking improves the availability of third-party financial software to small businesses, we detail considerations entrepreneurs should make before sharing their banking data.

Businesses need solid financial data. Besides being necessary for compliance, accurate data can provide insights into business health and pave the way for the next stage of growth. But, for most small businesses, the skills needed to interpret data are in short supply and it’s hard to make time to turn raw data into actionable insights.

That’s where software (like Xero) comes in, making it easier to process and interpret financial information, and turning data into a valuable commodity as a result. It can be a real resource, and an increasing number of entrepreneurs are looking to software as the first step towards stronger business performance.

But what does third-party software mean for your data’s privacy and security? And what can you do to make sure shared data has a positive impact on your business?


The compliance complication

In the EU (and globally), lawmakers use legislation to protect companies and states from the negative impacts of poor data governance. When you’re dealing with third-party software, this has implications for your choice of provider, and there are serious consequences for those who flout the rules.

From GDPR to Making Tax Digital, legislation can force change in the way you use data, but it also means you have to be diligent about sharing it. Open Banking will mean that it’s easier to share financial data with third parties, but what do you need to do to make sure you’re staying compliant and secure?


Know and stick to the rules

Legislation changes regularly, so make sure you consult an expert (like your accountant or legal counsel) about the implications of using specific software.

There are rules around data storage, use of customer data, and reporting in the UK and EU – where Open Banking and PSD2 are going to have the biggest impacts. So it’s crucial that you and your team are clued up about the implications of sharing data with specific software providers.


Check for conformity to standards

There are a number of standards that ensure data remains secure and private globally. It’s important that you check your service provider conforms to or is working towards existing and upcoming standards like GDPR (General Data Protection Regulation), PCI DSS (Payment Card Industry Data Security Standard) and ISO 27001.

You should also check to see if they are accredited by the relevant governmental bodies to perform the necessary functions. For instance, Xero is an HMRC-recognised VAT software provider.

Many trustworthy organisations will also provide an SOC2 (Service Organisation Controls) report on security, availability and confidentiality that provides a detailed review of internal systems.


How private is private?


Even after you’ve made sure you and your service provider are following the relevant rules for your region, you’ll still want to be careful with regard to privacy. Your data belongs to you, and when you have free rein to share it with third parties (as you will with Open Banking) it’s easy to presume the provider doesn’t have any nefarious terms of service.

Most of the time, this is true. But it pays to check what your service provider will be doing with your data following your consent to use it – especially when the cost of the service seems too good to be true. Terms of service may be lengthy (and tedious) but the only way to be sure is to read before you agree.


What's in it for you?


Some services are relatively inexpensive for small businesses to access so it’s easy to perceive the value as outweighing the cost. But it’s a good idea to be conscious of the return you’ll see as a result of sharing your data.

What are you getting from the software provider? Could you get the same functionality and benefits from a provider who you already entrust with your data? Make sure you check. Is this a service you will use regularly? If not, make a note to revoke access to your data once you’re done with the service.

If you know you’ll derive value from the service, and you’re satisfied with the compliance and privacy of the service, Open Banking will make sharing your banking data easier and more secure than ever. So go ahead and share, and enjoy the benefits of a more competitive financial software environment.


If you want to know more about how Open Banking will affect you, including the timeline and information for accountants, bookkeepers and small businesses, you can learn all about it at the Xero resource centre.
