Top three considerations for anyone starting out:
from the ICO Blog
GDPR must be your guide
Build in data protection from the very beginning, and put individual rights under the GDPR front and centre.
Design with the user in mind
Your customer expects you to come up with a system that is straightforward, secure, and effective in achieving their goals. Think carefully about the customer journey – how will you tell them what’s happening? How will you give them control?
Work together
It’s important that you collaborate and work with other organisations in your sector from the beginning. The whole point of the Open Banking Initiative is in the name – open APIs, open standards and open thinking.
The principles are about right at the highest level, but #3, “collaborate and work with other organisations in your sector”, is going to be a pretty big cultural change, or even a shock, to most organizations, in particular IT. The CIO built the ramparts, dug the moat and installed the portcullis around the organization’s systems and stores of data. Value and competitive advantage emanated from these places. Just as they’re trying to get the organization to lock down personal data to comply with privacy laws, they are simultaneously being told to open it up. That requires a pretty big mind shift to serve two separate objectives UNLESS you design this from the ground up, baking privacy into the fundamental consumer value proposition.
Blog: The benefits of sharing personal data – what can we learn from Open Banking? from the ICO