May 15

How online finance companies can be GDPR compliant


With the General Data Protection Regulation (GDPR) coming into effect in May 2018, it is set to have profound implications for the way companies in the EU use online data. In particular, it will affect online companies and comparison websites that offer loans, finance and insurance, and how they use customer information. Below, we explain some of the main things your online finance site can do to be GDPR compliant.


Tick Box

If you are asking for customer details, whether through a contact form or an application, there needs to be a clear tick box at the end. The box must not be pre-ticked; the user must manually opt in.

Your intentions need to be made clear to the customer, whether they will receive future marketing information, a call-back or an email with the next step of the loan or insurance application. There should also be a clear link to the privacy policy or terms and conditions (sometimes both) as part of the sign-up.

Ultimately, it needs to be clear to the user what you are going to do with their information. A visitor to your website should not simply fill in their details and be left unsure of the next step; they should have clear information on what to expect.


Privacy Policy

Whilst it has always been common practice to include a privacy policy in the footer of every page of your website, especially for FCA purposes, this is now compulsory for all sites operating in the EU too.

Whether you are a direct lender, insurer or comparison service, the privacy policy should be tightened up to give a clear explanation of what you are going to be doing with the customer’s data. This includes what will happen once they complete an application and how and where their information is stored.

Under GDPR, customers have the right to have their data totally removed from a company’s database, whereas previously the FCA encouraged you to still keep a record of the customer. Therefore, your privacy policy should clearly state this and give customers the contact information they need should they want their details removed.


Email Marketing

Prior to the GDPR launch date, website owners in all industries, including schools and hospitals, were required to send an email to their database asking whether customers would like to continue receiving their email newsletters. No response to this email meant the customer was automatically unsubscribed, which has been welcomed by most email users but has resulted in a huge loss of database contacts for a lot of companies.

Moving forward, all websites, including loan and insurance providers, must have a clear opt-in for email marketing purposes and only send newsletters to those who have opted in. Whilst marketing to customers who hadn’t necessarily approved the use of their details might previously have been overlooked, GDPR now strongly enforces this and companies that breach it can be fined.


Storing of Data

The EU reforms insist that all data held by finance companies should be held on servers in the EU. In addition, all data must be held in a secure environment, which can be reinforced by purchasing secure servers and serving the company website over the https protocol.


Capture Forms vs Comparison Tables

For online lead generators and broker sites, the use of capture forms carries increased risks of failing to be GDPR compliant. A capture form is typically used to request a call-back or a personal quote. To be GDPR compliant, there must be a clear tick box and the customer should have a clear understanding of what to expect once they fill in their details. A strong thank-you page can reinforce what you are doing, i.e. ‘your enquiry will now be redirected to **this company**’ or ‘thank you for your details, you will not receive a phone call from our team.’

Using comparison tables is a very simple way to be GDPR compliant because you are not taking in any data. This is the method used by several websites such as, and All The Lenders, which offer a clear table of payday loans. It follows the GDPR philosophy because the website is not taking in any data and the customer knows exactly where they are going. Once the customer has clicked on the lender or insurer of their choice, it is down to that provider to fulfil all the requirements above to be a GDPR champion.
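As an added example for the Tick Box and Capture Forms sections above (not code from the original article), two server-side checks in JavaScript: one audits rendered form HTML for checkboxes that arrive already ticked, the other records consent only when the visitor ticked the box for a stated purpose against the current privacy policy; the policy URL, version label and purpose names are assumptions.

```javascript
// Added example, not from the original article. Policy URL, version label and
// purpose names below are assumptions made for the example.
const PRIVACY_POLICY_URL = "https://example.invalid/privacy"; // placeholder
const POLICY_VERSION = "2018-05";                               // assumed label
const KNOWN_PURPOSES = new Set(["marketing_email", "call_back", "application_next_step"]);

// Returns the names of checkbox inputs in `html` that carry a `checked`
// attribute, i.e. boxes the visitor would have to un-tick instead of opting in.
function findPreTickedConsentBoxes(html) {
  const found = [];
  for (const tag of html.match(/<input\b[^>]*>/gi) || []) {
    if (!/\btype\s*=\s*["']?checkbox\b/i.test(tag)) continue;
    if (!/\schecked(?=[\s=\/>])/i.test(tag)) continue;
    const name = tag.match(/\bname\s*=\s*["']?([^"'\s>]+)/i);
    found.push(name ? name[1] : "(unnamed)");
  }
  return found;
}

// Validates one capture-form submission. `submission.consent` is the raw
// checkbox value: browsers omit the field entirely when the box is unticked,
// so only an explicit "on" counts as a manual opt-in.
function validateConsentSubmission(submission, now = new Date()) {
  const errors = [];
  if (submission.consent !== "on") errors.push("consent box not ticked");
  const purposes = Array.isArray(submission.purposes) ? submission.purposes : [];
  if (purposes.length === 0) errors.push("no purpose stated to the customer");
  for (const p of purposes) {
    if (!KNOWN_PURPOSES.has(p)) errors.push(`unknown purpose: ${p}`);
  }
  if (submission.policyVersion !== POLICY_VERSION) {
    errors.push("consent refers to an outdated privacy policy");
  }
  if (errors.length > 0) return { ok: false, errors };
  return {
    ok: true,
    record: {
      email: submission.email,
      purposes,
      policyUrl: PRIVACY_POLICY_URL,
      policyVersion: POLICY_VERSION,
      consentedAt: now.toISOString(), // kept as evidence of when consent was given
    },
  };
}
```

The HTML audit is a coarse regex scan intended for your own templates, not a general HTML parser.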


