Financial Services and the New GDPR Rules

Forex and finance companies are only just discovering the extent of the new GDPR rules. Data protection (or lack of) has been all over the news of late thanks to the Cambridge Analytica Facebook scandal. Mark Zuckerberg has faced some tough questions regarding the shady data breach which is thought to have affected some 87 million people – but as the drilling continues, a pending 2018 reform of EU data protection rules is about to shake up the digital marketing world. Enter GDPR.

The GDPR Rules – What You Need To Know

The General Data Protection Regulation (GDPR) is an EU initiative that will come into force on 25th May 2018. As of this date, there will be only one set of data protection rules for companies operating in Europe and they will affect you.

Brokers and financial service providers, are you listening?

Yes, we know you’re already battling a host of regulation updates, crypto/ICO ad bans and social media marketing restrictions, but this is the financial services sector and compliance has the final word at the end of the day. GDPR is designed to protect ‘personal data’ relating to individuals and if you’re wondering what that means exactly – here’s how GDPR defines it:

Personal data is:

“Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Personal data therefore includes: personal details, family and lifestyle details, education and training, medical details, employment details, financial details, contractual details, health data and online identifiers – yep, pretty much everything you may have stored over the years.

So what do these new GDPR rules mean for the finance sector and how will they affect content marketing? Let’s take a closer look.

Content Marketers: The Hard Work Starts Now

As you’ve already gathered, data protection is the name of the game and there are a number of GDPR rules that will affect your content marketing strategies – but don’t panic. We’ll break them down and give you some handy SOS ways to cope with the upcoming changes.

Personal data must be processed with consent

There’s a lot to get your head around, but essentially GDPR revolves around consent. Personal data must be processed in a lawful and transparent manner ensuring fairness towards the individuals whose personal data you’re processing. You must, must, must (and we’ll say it again for luck), must get the consent of your clients before using their personal information. Please don’t ignore this rule.

This is likely to affect many of your business practices including email marketing, so what can you do? Here are some useful tips:

Getting consumer consent

  • As of May, you must give people the chance to opt in or out of receiving mail. Consent must be “freely given, specific, informed and unambiguous” and therefore when reaching out to clients you must explain if your company is collecting data and how it will be used.


  • GDPR rules apply to data you’ve already obtained. So, if you want to protect this information and remain compliant, it’s essential to make contact with your email contacts and again make sure they’re happy for their personal data to be used. This might seem like a lot of hard work, but it’s also the perfect time to engage with consumers and reignite their passion for your brand. Consumers are likely to be getting a lot of GDPR information from companies adapting to the new rules, so ensure your business stands out.


  • Contacting consumers is a good chance to weed out any spam email addresses or email subscribers that don’t seem legitimate. If you have your doubts, always double check as knowing where your information is coming from and how it is provided will ensure you don’t breach the rules and regulations unknowingly.

Proving consumer consent

As well as getting the consent of your clients to use their data, you also need to keep track and prove you’ve obtained their consent. You can do this by:

  • Taking screenshots of where the individual has consented
  • Filling out and filing consent forms that can be accessed as and when needed

Takeaway: There’s a lot of hard work to be done as you can see – so don’t leave it all to the last minute. If you haven’t been overly proactive to date, it’s time to grab the bull by the horns and implement those much-needed changes. Get the ball rolling now and ensure your whole business is fully aware of the new strategies that will need to be in full swing by the end of May when the new GDPR rules come into force.

Personal data must be used for a specific purpose

If you’re reusing personal data again and again to meet your content marketing needs – think again. Under the new rules you must have a specific purpose for processing data and must indicate those purposes to individuals when collecting it. Data must be used to fulfil that specific purpose and not be used for other purposes that aren’t compatible with the original purpose of collection.

Sound complicated? It’s really not. Essentially if you’re telling consumers their data will be collected and used for X, it must be used for X and not Y. It must also not be stored for longer than necessary. This is known as storage limitation. You must also safeguard this information using appropriate technical and organisational safeguards.

This might sound like a lot to take in, but being open about data and data purposes can actually be good for business encouraging you to:

  • Maintain a constant flow of communication with clients
  • Develop business-consumer relationships
  • Improve your online reputation and become a reliable, trustworthy company
  • Refresh your marketing strategies based on regularly updated and fully-compatible data

The rules are extensive and as with all financial services regulations it’s essential to read all official information to help you implement new plans and avoid future mistakes. That said; here are some things you really need to be careful with going forward.

  • Sharing information on social media

A simple tweet or Facebook post could land you in trouble if you’ve not sourced information in the correct way. If you want to use stats gathered from consumers – or any sort of quote – be sure that those involved know how, where and why their personal information is being used. And don’t forget to keep a ‘proof of compliance’ record.

  • Sharing information with third parties

If we’ve learnt anything from the Cambridge Analytica scandal it’s that information can be somewhat dangerous if it gets into the wrong hands. Just getting your own, in-house marketing strategies in order isn’t enough. Under the new rules, any third-party processor you use is now directly and legally obligated to also be in compliance. It’s therefore essential to check that third-party vendors have updated their data processing agreements and have added GDPR updates to their regulations and business practices.

If you need help with applying the new GDPR rules to your content marketing strategy, contact the Contentworks team today