How do I handle GDPR in financial marketing?
Last reviewed 22 April 2026 · Reviewed by Jake McQuillan
Quick answer
Establish a lawful basis (consent or legitimate interests), publish a clear privacy notice, practise data minimisation, apply 12-36 month retention with review, and put data-processor contracts in place with all vendors.
Checklist
- Lawful basis declared per data flow
- Privacy notice linked from every form
- Data minimisation: only collect what you use
- Retention policy: 12-36 months default, document exceptions
- Processor agreements with Meta, Google, CRM, email
- DSAR workflow under 30 days
Overlap with PECR
The email/SMS marketing rules under PECR are stricter than GDPR; get both right.