How to Stay GDPR Compliant in Your Marketing

Riona Mulherin

12 August 2024

The General Data Protection Regulation (GDPR) made huge waves in the marketing world when it came into effect in 2016. GDPR changed how firms handle personally identifiable data. Essentially, this includes any information that can be used to contact someone, whether that’s directly or indirectly. Crucially, this applies to contact details collected as leads and the methods firms can use to contact their customers directly. The financial industry, including financial advisors, faces stricter requirements under GDPR, making it really important to stay informed and compliant.

The Goals of GDPR Are:

  • Provide individuals with more control over their personal data.
  • Clarify how businesses can use that data.
  • Require businesses to allocate more resources to data privacy and take increased responsibility for it.

Key Marketing Responsibilities Under GDPR

Under GDPR there are some really important responsibilities which will come under the marketing umbrella for your business. Whether or not you have a dedicated marketing team, it is still vital that you are aware of the following:
  • Clearly record opt-ins and opt-outs: Ensure that your audience knows exactly what they are signing up for. For example, when adding users to a mailing list, their consent should be clearly documented, such as through an explicitly labelled checkbox on a contact form.
  • Outline and honour data subject access requests and deletions.
  • Communicate any data breaches effectively.
  • Regularly update your website’s privacy policy and terms & conditions.

Legal Bases for Processing Data Under GDPR

GDPR clearly outlines the following legal bases for processing data. Legally, these are the only reasons your business should process someone’s data:
 
  • Contractual obligations
    Based on a contract signed between the firm and the individual, you are carrying out actions laid out in the agreement. Most services a financial advisor carries out will come under this.
  • Legal obligations
    Similar to the above, as a financial advisor you will often have a legal obligation to process a customer’s data as you carry out your services.
  • Vital interests
    This includes any interests that are necessary to protect someone’s life – this is a very limited basis.
  • Public interest
    This is most relevant to public authorities who carry out public services, such as governments or utility companies.
  • Legitimate interests
    This is the most flexible legal basis, but it’s important not to assume it is the most appropriate. Essentially, the data needs to be processed in a way that the individual would expect. For example, if a customer’s mortgage deal is coming to an end, it would be within their legitimate interest for you to contact them to let them know.
  • Consent
    Most direct marketing activities will require direct consent, as when it comes to marketing, the need of the firm is usually greater than the need of the individual. Therefore you need to have documented explicit consent from people in order to contact them directly, whether that’s via email, SMS, or direct mail.

How does this impact your marketing?

Direct marketing involves contacting customers using their personal data, such as through email, telephone calls, or direct mail. When your firm carries out any direct marketing, it's essential to have clear, documented consent from the individual. A great way to do this is via contact forms with a checkbox that they have to tick in order to be added to your list.

Inbound marketing has its own challenges. Although a lot of digital marketing methods, such as social media (both paid and organic), typically do not target individuals directly, you still need to process any information submitted to you correctly. For example, when customers provide identifiable information like their name and contact details through forms, these processes must be GDPR-compliant.

Handling Issues and Complaints

If something goes wrong, any individual who has provided data has the right to file a complaint with a supervisory authority, such as the Information Commissioner’s Office (ICO). The ICO can act against a firm that fails to comply with GDPR, and individuals can seek compensation in court if they suffer damage due to non-compliance.

When determining fines or compensation, the following factors are considered:

  • The level of cooperation from the firm.
  • The categories of personal data affected.
  • How the infringement became known.

To protect your business, it is essential to document all processes and actions taken to ensure compliance with GDPR.

Actions Financial Advisors Can Take to Stay Compliant:

So, based on what we’ve gone through so far, what can financial advisors do to stay compliant?

First, we’d recommend carrying out a review of any contact forms to make sure they are clear and understandable. Think about it from the point of view of the customer: is it clear what they are signing up for? Remember that under GDPR you can’t have any pre-ticked checkboxes or assume consent.

Your firm should have a process to manage any subject access requests you receive, including requests for data deletion. Go through all of your internal systems so you know where data is stored, and that it is all necessary.

Review your marketing campaigns to make sure any direct marketing is only contacting people who have given you consent. If you’re unsure, then it’s best to err on the side of caution.

Staff should also be kept up-to-date on the requirements and best practices, just in case anything else comes through. In a lot of financial services businesses, most team members will come into contact with personal information at some point, so it is important that they know how to handle it correctly.

Your firm should have a Data Protection Officer (DPO) or someone with responsibility. This person will be in charge of your GDPR processes and will be the main point of contact if there are any issues.

To enhance GDPR compliance, financial advisors should implement a few key practices. First, regularly review and update consent forms to ensure they are clear and easily understandable, specifying exactly what the consent covers. Additionally, establish a robust process for managing and documenting data subject access requests, including requests for data deletion. Regularly audit your data collection and storage practices to ensure that only necessary and relevant data is retained. It is also beneficial to provide ongoing training for staff on GDPR requirements and best practices, ensuring that everyone understands their role in protecting client data. Finally, appoint a Data Protection Officer (DPO) or assign responsibility to a qualified team member to oversee GDPR compliance and act as the point of contact for any data-related issues.
 

Reading this blog counts towards your CPD!
