To take a loan, a customer needs to reveal much information regarding himself/herself, so that the lender may assess the risk properly and also to ensure that the customer can’t get away without repaying the loan.
While getting a loan is relatively easy from a digital lender, a customer needs to reveal more data for it.
So, in case you have revealed all the required information about yourself to get a digital loan, how to ensure that the data is well protected to ensure that your privacy is not jeopardised?
Read More: TCS to create 1,200 new jobs in US amid layoff season
Commenting on the data protection in regard with digital lending so as to not jeopardise the privacy of the customers, Aditya Kumar, Co-founder & CEO, Niro, said, “Based on the recent digital lending guidelines issued by the Reserve Bank of India (RBI), data that is collected by digital lending apps (DLAs) needs to be ‘need-based’, explicitly consented to, and have clear audit trails.”
Kumar lists the following steps to explain the data protection mechanism in digital lending:
Need-based Data Collection
The first, i.e. need-based data collection refers to the collection of data by DLAs that is actually needed for loan assessment or underwriting purposes. DLAs in the recent past have been known for the collection of data that is not strictly needed for loan assessment, e.g. photos, contact lists, etc. which could, in turn, be used to harass customers.
Read More: How to make the most from National Pension System (NPS) investment
Seeking Explicit Consent
The second, seeking explicit consent from customers for data collection requires DLAs to explicitly and specifically seek permissions from users on data that is being collected. Previously, DLAs would often bundle consents into “one tickbox” which resulted in the user unknowingly consenting to data collection. Regulations now also require DLAs to be able to accept, or deny, consent use of specific data, as well as revoke previously granted consents. Users must also be given the option of deleting previously collected data through a button on the app.
Clear Audit Trails
The third, needing clear audit trails, requires DLAs to maintain logs of all data (and respective consents) for audit by regulated entities, such as banks and NBFCs – i.e. their lending partners. This allows REs to ensure that data collection is actually need-based, as well as explicitly consented to.
“Overall, the data protection guidelines aspire to ensure that customers are aware of the data being collected, explicitly consent to its collection, have the power to delete the data collected at will, and make sure the data is treated with care and due ownership. Overall, the regulations have ensured that the customer remains empowered throughout the digital lending process,” said Kumar.
