The introduction of General Data Protection Regulation (GDPR) in May 2018 has had a big impact on businesses in most industries.
For the lending sector in particular, which deals with a lot of sensitive customer data including financial records, this is clearly evident.
As the biggest data regulation change for a generation, GDPR was designed to better protect individuals and their information, but for lenders it has meant a lot of extra work.
The immediate effect of its introduction has been clear in a few ways.
Mortgages
One of the main types of lenders that have found dealing with GDPR difficult has been mortgage providers. Data minimisation has been the approach most have taken to best avoid falling foul of the new regulation, but for mortgage lenders that hold a massive amount of personal information about their customers, this can cause an issue.
Everything from their dates of birth to salary, unemployment and more is kept on record. This makes any potential data breach a serious concern but minimising the amount of data stored is also tricky, as much of it is required to make mortgage decisions. Instead, mortgage providers have to do their upmost to avoid any breach, mainly through the education and training of staff.
Online Forms
It’s not just existing customers’ data that can put businesses in the lending sector at risk of going against GDPR. The majority of loans, mortgage and other lending companies such as Likely Loans all have contact and submission forms on their sites which can be filled in for a quote or further information.
One aspect is that for any form on a website to be compliant it can no longer include pre-ticked boxes on forms (as it’s not considered actual consent). It also needs to be incredibly clear for potential customers about what will happen when their details are submitted, which can be confusing for those using comparison sites that don’t directly deal with users.
Privacy Policies
In reaction to GDPR all lenders will have updated their privacy policies. A key aspect will have been for it to clearly detail how long data will be stored for and adding a process that removes all this information after that amount of time. The use of cookies needs to be included within this as well, explaining the type of information collected and what it will be used for.
It is still only early days after the introduction of GDPR, yet the impact on the lending sector is clear. If you run such a business, make sure you are meeting all the above to meet compliance.
