Money Advice Trust and MALG launch new guidance on vulnerability and GDPR

The Money Advice Trust and the Money Advice Liaison Group (MALG) have today launched new guidance for creditors on vulnerability and GDPR. The guidance, which looks at data protection compliance and vulnerable customer regulation, provides practical action staff can take to manage disclosures of vulnerability.

Authored by Chris Fitch, Vulnerability Lead Consultant at the Money Advice Trust, data protection expert Robert Bell, and Colin Trend from the Trust’s Consultancy team, the main guide, ‘Vulnerability, GDPR and disclosure’, is supported by three technical guides covering fundamentals, lawful processing of data and how to record and use data to support customers.

The guides, produced by the Money Advice Trust, were funded by MALG with the support of Experian, NatWest, PayPlan, Shoosmiths, Financial Wellness Group and Vision Blue.

Chris Fitch, vulnerability lead consultant at the Money Advice Trust and co-author of the guidance, said: “These guides will help firms develop a vulnerability data strategy that complies with the GDPR, is aligned with the FCA’s expectations, and is operationally realistic.

“Meeting all three of these objectives at once involves striking a careful balance. It also requires recognising that vulnerability data come from vulnerable people. This sounds obvious, but needs to shape a firm’s approach and thinking.

“The guides therefore look at how disclosures can be sensitively translated into data, what data should be recorded, and whether explicit consent is always required.

“But most importantly, the guidance is there to help firms help vulnerable customers. At a time when recording and using the ‘right data’ in the ‘right way’ has never been more critical, the guides will help firms to take the right practical steps.”

Paul Smee, Chair of MALG, said: “Creditor firms and debt advice agencies are at the frontline of helping people in vulnerable circumstances, and the Coronavirus outbreak has brought that into sharp focus.

“The protections of GDPR are there for a purpose and cannot be ignored. We saw the need for clear and comprehensive guidance on the various requirements around GDPR and vulnerability, presented in a way which is essentially practical and focused on what needs to be done and why.

“We hope that this new guidance will help firms not only to understand GDPR and vulnerability but to put this into practice to continue to ensure the best outcomes for vulnerable customers.”