Urgent GDPR Actions For Your Financial Website

[Image: firemen putting out a fire, symbolising financial websites and GDPR panic]

25 May

If you are an IFA (independent financial adviser) wondering how GDPR affects your financial website, we outline some advice for you here.

We are not a legal firm, so make sure you first seek professional legal advice before you take action.

That said, we have spent the last 2 weeks on high alert – helping financial advisers upload their GDPR-compliant privacy policies, cookie policies, and integrating SSL. So our experience might help you.

So, what actions might your financial website need to take in light of GDPR?

#1 SSL Upgrade

If your financial website does not start with “https”, then you could be facing trouble.

Most IFAs use contact forms on their website, where a user can submit their information to request a call back, download a financial report or make an enquiry.

There’s nothing wrong with this approach per se. In fact, this is good marketing practice.

However, if your financial website is served over “http” rather than “https” (SSL), then your users’ personal information is not protected in transit when they submit your contact forms.

You can tell whether your website has SSL because its URL will start with “https”, and a green padlock symbol will appear in front of it.

If you look up at our URL, for instance, you’ll see how this looks:

[Image: SSL example on a financial website]

Upgrading to SSL, however, can be a bit of a tricky process. If you speak with your website designer or hosting provider, they should be able to help you.

Bear in mind that there are free SSL certificates available on the web, but it is better to get a paid one which offers all of the support and guarantees you need.

Costs can be up to £75 per year. But to keep your users’ data safe, it’s a price worth paying.
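The risk in this section is a contact form that submits visitor details over plain http. The following is an added example (not code from the original article) that checks a page’s HTML for forms whose submission target is not https; the page URLs and HTML are constructed sample data.

```python
"""Flag contact forms that would submit visitor data over plain http.

Added example; the sample pages and hostnames below are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Collect the action attribute of every <form> tag on a page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "form":
            # An attribute with no value parses as None; treat it as empty.
            self.actions.append(dict(attrs).get("action") or "")


def insecure_form_targets(page_url, html):
    """Return the absolute URLs of forms that would be submitted over http.

    An empty or relative action inherits the page's own scheme, so every
    form on an http:// page is insecure.  An absolute http:// action is
    insecure even on an https:// page (the browser posts in the clear).
    """
    collector = _FormCollector()
    collector.feed(html)
    insecure = []
    for action in collector.actions:
        target = urljoin(page_url, action)  # resolves "" and relative paths
        if urlsplit(target).scheme.lower() != "https":
            insecure.append(target)
    return insecure


# Constructed sample pages covering the two cases an IFA site typically hits:
# a site still on http, and an https site whose form posts to an http URL.
HTTP_PAGE = '<form action="/contact" method="post"><input name="email"></form>'
HTTPS_PAGE = ('<form action="/contact" method="post"></form>'
              '<form action="http://forms.example.invalid/submit"></form>')

if __name__ == "__main__":
    print(insecure_form_targets("http://adviser.example.invalid/", HTTP_PAGE))
    print(insecure_form_targets("https://adviser.example.invalid/", HTTPS_PAGE))
```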

#2 Updating Your Privacy Policy

Your website might well have a privacy policy already, but that doesn’t mean it is GDPR compliant.

This is a tricky area. Some IFAs have contacted us asking for a “GDPR compliant template” which they can simply upload as their privacy policy.

Unfortunately, every IFA controls and processes data in different ways. So you should avoid relying on “pre-made” privacy policies which claim to give you legal cover under GDPR.

As far as we’re concerned, one of the key requirements from GDPR is “informed consent”.

In other words, IFAs must inform their website visitors up front about how they control and process their users’ and clients’ personal information.

One way forward is to provide a “cookie banner” on your financial website, which displays immediately to visitors upon their arrival:

[Image: cookie policy banner on the Leodis Wealth financial website]

In the example above, you can see the cookie banner at the bottom of the page.

When the user clicks on “Find Out More”, they are immediately directed to Leodis’ privacy policy, which informs them about how their personal data is collected and used.

#3 Digital Marketing Items To Consider For GDPR

There is a range of digital marketing tools used by IFAs which are affected by GDPR, and financial advisers are unaware of many of them. We list some of them here.

If you are using any of these tools on your financial website, make sure you speak to a lawyer about how this should be brought into your privacy policy.

Even if you are not using them now, you might use them in the future. So they’re worth considering:

#1 Google Analytics

If your financial website does not have Google Analytics, then it should.

Yes, that was blunt. But there really is no excuse for it. Google Analytics gives you crucial insight into how people are behaving on your website, which is incredibly useful information to have.

The challenge you will need to address, however, is letting your users know how you use Google Analytics in relation to their personal data.

Since you are gathering data on website visits (e.g. which pages people are looking at, and how they arrived at your financial website) you will need to spell this out in your Privacy Policy.

Although you cannot directly ascertain people’s names, email addresses or phone numbers using Google Analytics, there is an argument that it still collects people’s personal information.

For instance, what about the user names people use to access content on your financial website?

What about the terms people type into your site’s search facility, which you are able to see?

Unfortunately, Google Analytics will not cover the GDPR side of things for you. Google has taken steps to ensure its own compliance, but you still have responsibilities as a user of its software.

#2 Social media pixels

Some financial websites include tracking code from social media platforms such as Facebook.

The benefit of these pixels is that they allow you to track user engagement with your social media campaigns within the platform’s ad manager (e.g. Facebook Ad Manager).

They also frequently allow you to show social media adverts to previous visitors of your website.

Where you will need to be careful, however, is in explaining to your website visitors how you collect and process the personal data obtained in this way.

#3 Google AdWords – Display & Remarketing

Google remarketing works in a similar way to the social media remarketing pixels described above.

In other words, previous visitors to your website are shown your adverts as they browse the web. This is achieved through cookies placed in your users’ browsers.

Again, if you are using this functionality on your financial website then you need to clearly inform your users how this all works in your Privacy Policy.