GDPR: Updates to our application process

21 May 2018

The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. We’ve updated our application process to be GDPR compliant. The main changes are as follows:

Marketing consent

What’s changed?

Customers will not be automatically opted in to receive marketing. This means they'll need to choose how they'd like to hear about our products and services.

What do you need to do?

Explain to the customer that we’d like to talk to them about our products and services, and if they’d like to hear about this they can opt in to receive marketing. If they choose not to opt in, it will limit the information, products and services we can offer them.

Privacy Notice

What’s changed?

We’ve updated the content of our Privacy Notice. This contains information on how we use our customers’ personal data. It’ll also explain how we’ll use your own personal data.

What do you need to do?

You’ll need to read through the Privacy Notice when you next login to our online application system, and confirm you’re happy with it before continuing to your account. Once you’ve done this, you won’t need to review it again unless it changes.

You’ll also need to provide the Privacy Notice to your customers to review before you submit their application. A copy of the Privacy Notice can be found at


What’s changed?

We’ve amended our Declaration at the end of the application form to remove any duplication with the Privacy Notice.

What do you need to do?

Ensure applicants have read and understand the Declaration before you submit their application.

Changes to our criteria


We’ve made some temporary changes to our criteria, so we can continue to lend responsibly. Please see our Covid-19 page for more details.