avoid common mistakes: GDPR for financial services companies

Joy Ugi Deliverability

Learn what to avoid when it comes to GDPR for financial services companies.

*This GDPR for financial services companies advice should not be construed as legal advice. These are marketing tips. Consult your legal counsel for official direction about GDPR.

While the General Data Protection Regulation (GDPR) enacted on May 25, 2018 is making everybody’s heart beat a little faster, the financial services industry may have a little more at stake.

After all, not only does the financial services industry collect common data such as name, phone number, email address, and demographics… you store information nearest and dearest to people: their money.

And while you’ve always had to take security measures to ensure your customers’ information is protected, it’s now more important than ever to make sure you have even stricter rules in place and that they’re lock tight. You’ll have to know at a detailed level about each and every piece of data you manage and store.

No easy task, right? It might take a little elbow grease at first, but once you’ve avoided the common mistakes of GDPR for financial services companies and compliance becomes a habit, everything will become smoother.

 

Download the GDPR Checklist!

mistake #1 – ignoring proper subscriber acquisition and communication tactics

Every financial services company sends transaction confirmations via email. The GDPR says this type of business-related messaging is allowed.

That being said, we go by the tried-and-true rule of better safe than sorry.

An email address and the information that goes along with it is at the core of the the new EU law implementation rules. We’d advise to clearly ask for the opt-in whenever you can. Your customers shouldn’t be receiving any emails they don’t expect from you. In whatever way you can, whenever you can, make it clear to your subscribers they’ll be getting confirmation emails from you.

When it comes to subscriber acquisition for marketing emails, the rules are even tighter. Be explicit about why you’re collecting subscribers’ personal information, how you’re going to use it, if any of your partners will have access to it, or if it will be used for retargeting. Include a link to your updated privacy policy at the bottom of every form.

According to the ruling, emails can only be sent to subscribers who’ve opted in clearly and explicitly. In other words, you’re not allowed to use shady email marketing subscriber acquisition tactics anymore. We’re talking no-nos for pre-checked boxes on forms or subscribing people just because they’ve entered their email addresses into a contest or promotional message.

Most importantly, keep a record of every sign up and interaction related to it. It’s essential in proving your case in the event of a (hopefully unlikely) GDPR suit.

mistake #2 – email retargeting

The cookies you use to track your website visitors’ behaviors – aka website retargeting – is a significant topic covered by the GDPR. It allows you to serve advertising to your website visitors and understand what they like and don’t like. But it’s also not allowed under the new ruling – unless you have explicit consent from each and every website visitor.

Most financial services companies can’t live without website retargeting, especially when it comes to their email marketing. It’s the backbone of their messaging. So while getting a “yes” from each and every website visitor sounds like a tall order, not doing it is a huge mistake.

An updated privacy policy will save the day. Sit down with your legal counsel to revise this statement to include clear and specific language about how you’ll be tracking website visitors. Serve this new privacy policy up to new visitors as soon as they arrive with a pop-up. Make sure you give people a way to say “yes” or “no” and again, keep a record of their answers.

Note: If a website visitor chooses not to let you track him or her, you must have a documented and automated process to honor his or her request.

When it comes to GDPR for financial services companies, email and website retargeting are the most important areas for financial services marketers to give their full attention to. It may be possible to tell if an email address is from the EU, but it’s impossible to tell if a website visitor is.

mistake #3 – thinking unseen data doesn’t apply

Financial services companies store a lot of data and that data passes throughDenbunk common email marketing myths of the financial services industry. many different applications over the course of time. Technically, all those vendors have access to that data and this is information you have to acknowledge with your clients, as well as document.

In addition, whether data is in a live production environment, during the development process or in the middle of testing, it still falls under GDPR ruling. According to the law, all data must be masked or pseudonymised in these cases. This ensures no one who’s not supposed to see the data, doesn’t.

Don’t make the mistake of thinking that just because the data can’t be seen, it doesn’t fall under the GDPR privacy law.

conclusion: help with GDPR for financial services companies

There’s no reason to freak out over GDPR for the financial services industry. If the experts aren’t, then why should you?

Yes, it’s true you can be hit with a serious suit if you violate the GDPR ruling like this company did. However, if you avoid the common mistakes related to GDPR for financial services companies, the likelihood this will happen to your brand is slim.

And if you need help with implementation, just reach out. Our team has worked hard to add GDPR-friendly features to our platform, and our strategy team has helped many marketers develop a strategy and execution plan for making GDPR changes to their email marketing programs.

Schedule a demo with WhatCounts Email Service Provider (ESP).

Answers almost everything with “for sure,” enjoys craft beer, loves email, and is always good for a grammar pun. Wrangles content for WhatCounts.