More than two-in-five UK finance brands non-compliant with data protection laws

A new study suggests that more than two in five UK finance brands are non-compliant with data protection laws. The research from digital-specialist consultancy 7DOTS shows this is largely because many in the sector access browser storage for advertising or analytics without first obtaining the user's consent.
The General Data Protection Regulation (GDPR) is a European regulation governing how organisations collect, process and store the personal data of their customers and employees. Under it, organisations handling European consumers' data must be able to demonstrate that proper data-processing controls are in place and that they comply with the regulation, or face hefty fines. In the UK the regulation is retained as the UK GDPR, and the specific rule that a website must obtain consent before storing information on, or reading information from, a user's device comes from the Privacy and Electronic Communications Regulations (PECR), which the ICO also enforces.
The landmark regulation arrived in 2018 amid loud complaints from private firms about the projected cost of compliance, yet it has since become clear that many companies are still flouting the rules, exposing themselves to legal, financial and reputational damage in the process. The UK's data regulator, the Information Commissioner's Office (ICO), is currently issuing record-breaking fines for data protection breaches, and according to new research from 7DOTS the country's financial sector could be next in line for serious trouble.

The study was based on a detailed analysis of the websites of more than 24,000 firms registered with the Financial Conduct Authority (FCA), covering the full spectrum of financial services. Firms were included only if they met certain criteria, such as having a working website and being regulated for more than just consumer credit. The analysis was carried out with a custom cookie compliance testing tool developed by 7DOTS.
The alarming findings revealed that 43% of those firms were non-compliant with data protection law because they access browser storage for advertising or analytics without first obtaining the user's consent.
According to 7DOTS, payday lenders were most at risk, with a non-compliance rate of 67%, followed by trading venues at 64%. Meanwhile 58% of open banking providers were non-compliant. Banks, building societies and pension fund administrators fared better, with compliance rates above 60%, but the fact that around two in five were still non-compliant shows that significant risk remains in the sector, especially given the sensitivity of the data these organisations hold.
According to Nick Williams, demand generation director at 7DOTS, the study reveals “a concerning pattern of non-compliance in finance” and raises “serious concerns about clients’ data protection”. He noted that of the non-compliant firms, 72% of them allowed Google to access browser storage on users' devices without getting consent first.
To lawfully set cookies, or otherwise store or read information on a user's device, for advertising or analytics, a website needs the user's prior, express consent, usually collected through a Consent Management Platform (CMP); the relevant tags must not run until the user has opted in. Storing or reading such data without consent can expose users to inappropriate or unwanted financial adverts based on profiling, and exposes the firm to the risk of hefty fines for non-compliance, even though many providers are unaware that there is an issue.
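As an added illustration that is not part of the original article or of 7DOTS's testing tool, the JavaScript below shows both sides of that requirement: an audit that classifies the cookies and localStorage keys present on first load, before any interaction with the consent banner, and a consent gate that holds advertising and analytics tags back until the user opts in. The key-to-purpose mapping and the tag names are assumptions made for the example; a real deployment needs its own storage inventory, and a CMP would call grant() in place of the simulated opt-in.

```javascript
// Added example written for this article, not 7DOTS's tool. Runs in Node or a browser;
// the storage snapshot is constructed in code, so no page or network is needed.

// Illustrative mapping of common cookie / localStorage keys to their purpose (assumption).
const STORAGE_CATEGORIES = {
  _ga: "analytics", _gid: "analytics", _gat: "analytics",
  _gcl_au: "advertising", _fbp: "advertising", IDE: "advertising",
  PHPSESSID: "necessary", csrftoken: "necessary", cookie_consent: "necessary",
};

// Classify one storage key. GA4 container cookies are named _ga_<container id>.
function categorise(name) {
  if (Object.prototype.hasOwnProperty.call(STORAGE_CATEGORIES, name)) return STORAGE_CATEGORIES[name];
  if (/^_ga_/.test(name)) return "analytics";
  return "unknown";
}

// Build a snapshot from a document.cookie-style string ("a=1; b=2") plus localStorage keys.
function parseStorageSnapshot(cookieString, localStorageKeys = []) {
  const snapshot = [];
  for (const part of cookieString.split(";")) {
    const trimmed = part.trim();
    if (!trimmed) continue;
    const eq = trimmed.indexOf("=");
    const name = eq === -1 ? trimmed : trimmed.slice(0, eq);
    snapshot.push({ name, source: "cookie" });
  }
  for (const key of localStorageKeys) snapshot.push({ name: key, source: "localStorage" });
  return snapshot;
}

// Audit a snapshot taken on first load, before any interaction with the consent banner.
// Anything categorised as advertising or analytics is a violation; unknown keys are
// returned for manual review rather than silently passed.
function auditPreConsentStorage(snapshot) {
  const violations = [];
  const review = [];
  for (const entry of snapshot) {
    const category = categorise(entry.name);
    if (category === "analytics" || category === "advertising") {
      violations.push({ ...entry, category });
    } else if (category === "unknown") {
      review.push(entry);
    }
  }
  return { compliant: violations.length === 0, violations, review };
}

// The remediation side: vendor initialisers are registered against a purpose and run only
// once that purpose has been granted. "necessary" is granted from the start.
class ConsentGate {
  constructor() {
    this.granted = new Set(["necessary"]);
    this.pending = new Map();
    this.started = [];
  }
  // Register a tag; it runs immediately if its purpose is already granted, else it waits.
  defer(purpose, tagName, init) {
    if (this.granted.has(purpose)) {
      this.started.push(tagName);
      init();
      return;
    }
    if (!this.pending.has(purpose)) this.pending.set(purpose, []);
    this.pending.get(purpose).push({ tagName, init });
  }
  // Called by the CMP once the user opts in to one or more purposes.
  grant(purposes) {
    for (const purpose of purposes) {
      this.granted.add(purpose);
      for (const { tagName, init } of this.pending.get(purpose) || []) {
        this.started.push(tagName);
        init();
      }
      this.pending.delete(purpose);
    }
  }
}

// Simulated page load (constructed data): the analytics tag sits behind the gate, so the
// audit taken before consent is clean; after the user grants "analytics" the tag runs.
function simulatePageLoad() {
  const cookies = []; // stands in for document.cookie writes
  const gate = new ConsentGate();
  gate.defer("necessary", "session", () => cookies.push("PHPSESSID=abc123"));
  gate.defer("analytics", "ga4", () => cookies.push("_ga=GA1.1.1", "_ga_ABC123=GS1.1"));
  const before = auditPreConsentStorage(parseStorageSnapshot(cookies.join("; ")));
  gate.grant(["analytics"]);
  const after = parseStorageSnapshot(cookies.join("; "));
  return { before, started: gate.started, cookiesAfter: after.map((e) => e.name) };
}
```

In a real check, the snapshot would come from document.cookie and Object.keys(localStorage) on a fresh profile with no consent interaction; any entry the audit reports as a violation is exactly the behaviour the study counts as non-compliant. The gate deliberately treats unknown keys as something to review rather than something to ignore, since an unlisted third-party identifier is more likely to be an advertising cookie than a necessary one.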
Williams added, “Trust is the foundation of positive digital experiences, and customers rightly expect their data to be safeguarded. At 7DOTS we’re on a mission to help brands get their websites compliant. Most brands are completely unaware of the issue and we are urging them to check their website compliance. If you’re a brand and are not sure if you are compliant, use the tool and feel free to reach out to us if you need some advice."
7DOTS is a digital innovation company combining strategy, technology, and creativity to create extraordinary digital experiences that help businesses grow and thrive. The consultancy works for clients including Coca Cola, Marsh, Clearwater, Miller Insurance, University of Surrey and Mercer.