Envy Blog

GDPR and the FinTech Industry: What Marketers Need to Know

Written by Billy Cina | Oct 16, 2018

Working in the FinTech industry, you’re no stranger to the restrictions and demands of government regulation. But if you’re like most companies, the General Data Protection Regulation (GDPR) may still have you running scared, especially if you are not quite compliant and living in denial about it. According to a report published by TrustArc, only 20 percent of companies were GDPR compliant by July 2018, and a full 27 percent hadn’t even scratched the surface yet.

GDPR, a set of data privacy and security laws whose goal is to protect the personal data of all EU citizens, applies to every industry that collects user data – and FinTech is no exception. On some level, avoiding penalties should be incentive enough to be GDPR compliant. But handling large amounts of sensitive data while maintaining clients’ trust is also an enormously important KPI for the financial industry.

There’s no other way to spin that one!   

If You’re Behind Schedule…


The good news is that you are not alone if you haven’t started at all, but you really need to get yourself organized ASAP. Start with these steps.

1 - Audit your databases – Map your data to determine where your information is stored and transferred. This can be done in-house or by hiring an audit team to get the job done quickly and efficiently.

2 - Update your privacy policy – Draft a policy that highlights your company’s transparency. Confirm it with your legal team to make sure it’s GDPR compliant.

3 - Appoint a Data Protection Officer – This employee should have a deep knowledge of GDPR requirements in order to oversee the compliance process across all company departments.

So What’s in it for FinTech Companies?


Because lead generation, customer acquisition, and retention are key parts of any FinTech marketing campaign, and they’re also the main focus of GDPR, FinTech marketers must make sure there is a legal basis for every single person in the company’s database or CRM.

What’s the best way to do this?

We use HubSpot for most of our inbound marketing campaigns because, hands down, it has easy-to-use GDPR compliance pre-settings that ensure every contact entering the database has a legal basis. The settings were built with guidance from the company’s knowledgeable legal team so that all data collected will be GDPR compliant no matter how the settings are configured.

Breaking it down further, here are the most important things every FinTech marketer needs to know about GDPR and how HubSpot can help make your FinTech company compliant:

  • Personal consent – Also known as lawful basis of processing, this requirement demands that every person submitting data to your company is doing so knowingly, and that s/he has a way to dictate how marketers can use this sensitive data. To fulfill this requirement, companies must clearly state how they intend to use the data they gather and offer website visitors the opportunity to set their usage preferences. HubSpot simplifies this process by recording how each lead is acquired and which consent features have been granted, providing a better user experience for both your users and your marketing team.
  • Right to be forgotten – Also known as withdrawal of consent, this stipulation means that everyone in a database must be able to remove their data from the system as easily as they gave it. HubSpot’s GDPR settings enable all users to withdraw consent at any time and to have their preferences updated directly in the leads database so that FinTech companies have a legal record of every interaction.
  • Cookies – Cookie consent messages must be presented in a language that the user can understand. HubSpot has eliminated the headache of this requirement by developing a system that will display cookie messages in the right language based on location. This service is a huge benefit for FinTech companies that target a global audience and don’t have translators in every language.
  • Deletion and modification – GDPR requires that your contacts be able to request that you return their data to them, or that you delete and modify their data at their request. Not only does HubSpot make it easy for you to permanently delete all data, but it also offers users the ability to add warnings if the system tries to re-add a contact that was previously deleted.
  • Security measures – Not every marketing team has the technical prowess to secure their database as required by GDPR. HubSpot addressed this problem by updating its security infrastructure to be fully GDPR compliant. Plus, HubSpot has added further security features to its product roadmap to make sure that all HubSpot clients will be compliant at all times.

We’re not going to sugarcoat it: GDPR compliance is anything but easy and simple.

On the other hand, HubSpot makes it much, much easier.

Being GDPR compliant also presents a great opportunity for FinTech companies to create a higher degree of trust between the company and its potential customers. And this, we know, is ultimately going to help you yield more relevant leads down the road.

Where Does This Leave Us?


We heartily recommend going the route of embracing GDPR compliance. It’s safer, and for that matter, smart in every sense of the word.

But it’s not gonna be enough for your own company to be GDPR compliant; all vendors and partners must be compliant as well. Choosing a marketing agency that is knowledgeable about GDPR and the FinTech world, and that uses HubSpot, can make a huge difference in helping you increase your MQLs and hit your KPIs, which in our minds makes all of it a huge win-win.