E-Learning Login
Compliance Portal
April 2, 2026
The FCA’s Consumer Duty web page has been updated to include information covering Data Protection law and vulnerability related data.
The following information has been included in the updated Consumer Duty webpage:
Data Protection law and customer communications
Under the Consumer Understanding outcome, the FCA expects consumers to be given the information they need, at the right time, in a way they can understand.
Data protection laws (the UK GDPR and Data Protection Act 2018) and the Privacy and Electronic Communications Regulations 2003 (PECR) don’t stop firms from telling customers about better deals or providing information that they need to know as part of their relationship with that firm.
Administrative or customer service messages aren’t considered to be direct marketing, so there are no restrictions on communicating this type of information. Firms can also provide regulatory communications to all customers that provide neutral, factual information. For example, information about the product they hold, terms of other available products, and what their options are for moving to another product.
The Information Commissioner’s Office (ICO) guidance on direct marketing and regulatory communications explains how to draft regulatory communications and includes illustrative examples.
Data Protection law and vulnerability related data
The FCA requires regulated firms to act to deliver good outcomes for all consumers, including those in vulnerable circumstances. In practice, this can involve processing personal information, and where appropriate, sharing data related to vulnerability.
The FCA has published a joint statement to help firms understand the relevant FCA and ICO expectations around data processing in terms of:
- Supporting consumers in vulnerable circumstances.
- Sharing vulnerability related data appropriately across the distribution chain.
- Monitoring outcomes for these consumers.
