Is your finance business GDPR compliant?

It must be by 25 May 2018

For marketers in the finance industry, data is everything. In recent years, data scientists and content marketers have been collaborating to produce increasingly targeted, insight-driven campaigns.

But the world is waking up to the value of personal information, and as regulations become ever more stringent and General Data Protection Regulation (GDPR) requirements come into place, finance businesses must take the opportunity to review their data practices.

Here’s our guide to everything finance marketers need to know about the new rules.

What is GDPR?

GDPR (General Data Protection Regulation) is new legislation governing privacy and data protection. Drafted by the European Union, it will come into effect on 25th May 2018.

The purpose of GDPR is:

  • To provide greater data protection rights to individuals
  • To ‘harmonise’ data protection laws across the EU
  • To create legal certainty for businesses who use data
  • To increase consumer trust

Who will be affected by GDPR?

Every business that processes EU citizens’ personal data needs to comply with GDPR. The business itself does not need to be based in the EU.

So what does this mean for my marketing team?

This new regulation will certainly change how finance businesses execute their marketing. Although it may seem intimidating, and new ways of working will require diligence, GDPR provides finance marketers with the chance to rebuild consumer trust.

By building a strategy that clearly communicates changes to data protection, privacy, and individual rights, you can help customers feel secure and more trusting of their relationship with the brand.

To make sure you are ahead of the game, here are just a few of the steps you can take:

  • Check that your data storage and use comply with the regulation – this covers not just customer account information, but marketing data too. You may need to implement a data audit.
  • Ensure the privacy notice on all correspondence meets the requirements of GDPR – it is likely that this statement will need to be reviewed and updated. A privacy notice checklist can be found here.
  • GDPR is particularly strict around customer consent. When it comes to your customers receiving correspondence from you, they must have positively opted in. Make sure you review your newsletter, SMS updates and online account settings. Specific requirements are found here.
  • Review your data breach protocol. As a financial services firm, you are sure to have a crisis communications strategy in place should a data breach occur. Ensure that this is updated to reflect the new reporting requirements in GDPR.
  • Nominate a Data Protection Officer who will be responsible for compliance with the new regulations and ensure they have a regular check-in with the marketing team.

GDPR is a landmark piece of data security regulation, but it also presents a unique opportunity for finance businesses to rebuild trust with their customers through proper treatment of data.

The Information Commissioner’s Office (ICO) has released a 12-step guide to getting ready for the GDPR. We recommend you refer to this for all the details. The guide is available here.

You can read the full text of GDPR here.

Rachel Lobley
A specialist in marketing strategy, Rachel has worked on consultancy, content and PR projects for a number of international finance and insurance brands out of London. Now in Australia, Rachel enjoys producing strategic content for the Aussie market and getting to know her new surroundings. When not at work, she's out enjoying restaurants and attempting to do some exercise.