Finova CRM & GDPR

We understand how important it is for brokers to comply with data protection laws. That’s why our Broker CRM is designed to help you meet your responsibilities under the General Data Protection Regulation (GDPR) with ease and confidence.

This guide outlines the tools and processes available within the CRM to support you with each key aspect of GDPR.

Consent management

Key features:

  • A dedicated consent capture area lets you record granular client consent—for essential contact, marketing, and data sharing with third parties
  • Clients can update their consent preferences directly via the client portal
  • The system shows clear alerts if consent hasn’t been provided
  • Integrated marketing tools allow you to contact clients to reaffirm consent, when needed

Data privacy

Key features:

  • Your firm’s privacy policy can be displayed in the customer portal for full transparency
  • For firms not using the portal, privacy statements can be recorded within the CRM to maintain an accurate log of what was shared with each client. This creates a clear audit trail for how data is processed and how consent was obtained

Data breaches

In the unlikely event of a data breach, Finova Broker CRM supports fast and compliant communication:

  • Use our mass-mailing tools to notify affected clients quickly
  • Restrict user access within the CRM to protect client data from unauthorised viewing
  • Access logs and audit trails support breach investigations and reporting

Right of access

Make it easy to fulfil client data requests:

  • Export a complete copy of a client’s data at any time
  • Use our export tools to create files in commonly used, machine-readable formats (e.g., CSV)

Right to rectification

Keep records accurate and up to date:

  • Client information can be edited easily in the CRM
  • Case notes can be used to log rectification requests with timestamps and notes on completion
  • Set diary reminders and track time spent for internal reporting

Right to erasure (right to be forgotten)

Permanently delete data when required:

  • With the correct permissions, users can fully remove a client’s data from the system
  • All erasures are logged to ensure traceability

Right to restrict processing

Temporarily pause processing when requested:

  • Use case notes to record restriction requests and track actions taken
  • System controls allow you to limit data processing on flagged records
  • Set diary alerts to review or follow up on restricted cases

Right to data portability

Provide client data in a usable format:

  • Easily export client data in structured, machine-readable formats
  • Support clients switching firms or reviewing their records with ease

Right to object

Respect objections to data use:

  • Record objections as case notes and assign follow-up actions
  • Withdraw consent at any time, with a full history retained
  • Use time tracking to assess the operational impact of requests

Data security

Finova is committed to protecting your data and the data of your clients. Here’s how we ensure robust security across the CRM platform:

Security measures:

  • All staff undergo DBS background checks before joining
  • Ongoing data protection training for all employees
  • Dedicated EU-based infrastructure
  • Access to production systems is strictly limited and monitored
  • Hosting in ISO27001/2-compliant data centres
  • Web Application Firewalls and hardware firewalls
  • 24/7 threat monitoring and managed cybersecurity support
  • Full daily backups, retained for 14 days
  • Disaster recovery site in place for business continuity
  • Weekly Security Review Panel to evaluate and enhance defences

Need help?

If you have any questions about using the CRM to manage GDPR requests, or you'd like help configuring these features, our support team is here for you.

Broker platform support

01275 400 650

broker.support@finova.tech