Finova CRM & GDPR
We understand how important it is for brokers to comply with data protection laws. That’s why our Broker CRM is designed to help you meet your responsibilities under the General Data Protection Regulation (GDPR) with ease and confidence.
This guide outlines the tools and processes available within the CRM to support you with each key aspect of GDPR.
Consent management
Key features:
- A dedicated consent capture area lets you record granular client consent—for essential contact, marketing, and data sharing with third parties
- Clients can update their consent preferences directly via the client portal
- The system shows clear alerts if consent hasn’t been provided
- Integrated marketing tools allow you to contact clients to reaffirm consent, when needed
Data privacy
Key features:
- Your firm’s privacy policy can be displayed in the customer portal for full transparency
- For firms not using the portal, privacy statements can be recorded within the CRM to maintain an accurate log of what was shared with each client. This creates a clear audit trail for how data is processed and how consent was obtained
Data breaches
In the unlikely event of a data breach, Finova Broker CRM supports fast and compliant communication:
- Use our mass-mailing tools to notify affected clients quickly
- Restrict user access within the CRM to protect client data from unauthorised viewing
- Access logs and audit trails support breach investigations and reporting
Right of access
Make it easy to fulfil client data requests:
- Export a complete copy of a client’s data at any time
- Use our export tools to create files in commonly used, machine-readable formats (e.g., CSV)
Right to rectification
Keep records accurate and up to date:
- Client information can be edited easily in the CRM
- Case notes can be used to log rectification requests with timestamps and notes on completion
- Set diary reminders and track time spent for internal reporting
Right to erasure (right to be forgotten)
Permanently delete data when required:
- With the correct permissions, users can fully remove a client’s data from the system
- All erasures are logged to ensure traceability
Right to restrict processing
Temporarily pause processing when requested:
- Use case notes to record restriction requests and track actions taken
- System controls allow you to limit data processing on flagged records
- Set diary alerts to review or follow up on restricted cases
Right to data portability
Provide client data in a usable format:
- Easily export client data in structured, machine-readable formats
- Support clients switching firms or reviewing their records with ease
Right to object
Respect objections to data use:
- Record objections as case notes and assign follow-up actions
- Withdraw consent at any time, with a full history retained
- Use time tracking to assess the operational impact of requests
Data security
Finova is committed to protecting your data and the data of your clients. Here’s how we ensure robust security across the CRM platform:
Security measures:
- All staff undergo DBS background checks before joining
- Ongoing data protection training for all employees
- Dedicated EU-based infrastructure
- Access to production systems is strictly limited and monitored
- Hosting in ISO27001/2-compliant data centres
- Web Application Firewalls and hardware firewalls
- 24/7 threat monitoring and managed cybersecurity support
- Full daily backups, retained for 14 days
- Disaster recovery site in place for business continuity
- Weekly Security Review Panel to evaluate and enhance defences
Need help?
If you have any questions about using the CRM to manage GDPR requests, or you'd like help configuring these features, our support team is here for you.
Broker platform support
01275 400 650