top of page



For 20 years, the Data Protection Act 1998 (DPA) provided the UK with rules and guidance in relation to the protection of an individual’s personal information. Since then there has been a vast increase in the amount of information collect and stored electronically. Whilst many of the principals of the DPA remain true, the EU formulated new rules in 2016, which became known as the General Data Protection Regulations (GDPR).


GDPR came into effect in May 2018, replacing the Data Protection Act.

GDPR reflects the way in which the use of electronic data has increased and seeks to enhance the consumer protection which is already in place. Data in this context is simply information about you – personal and / or financial information, along with other categories such as ‘sensitive data’ (health records for example).


Here at White Mortgages Ltd, we have always treated data, in whatever format, with the utmost of care. All laptops/PCs are password protected with encrypted drives as added security. Additionally, systems such as our Client Management System are further password protected with varying levels of access for staff, dependent upon their needs. All data is routinely backed up, again using data encryption software, and kept secure. Any paper based records are securely shredded once they are no longer required.


GDPR has had very little effect upon the way we deal with our clients on an everyday basis, as we had robust systems in place already. It has however given clients much more control over how their data is subsequently used. Indeed, some Companies exist purely to gather, process and sell on data. Arguably it is this type of data use that has led to the need for more robust regulation. White Mortgages have never given / sold data to third party Companies for financial gain and continue to have no such intentions. We have and will continue to, with your permission, share (‘Use’) your information as necessary in order to assist you with your mortgage and / or protection needs. You are however required to ‘Opt-in’ to any such agreement, giving your ‘Explicit Consent’, and are subsequently empowered with more ‘Rights’.




We collect data from our clients in order to provide a service. This comprises using a client’s information to establish their options with regards to mortgages and protection cover. Furthermore, we may assist clients by liaising with other related third parties, such as solicitors, estate agents, valuers, medical professionals and so on. It is necessary for us to share some information with these third parties in order to do so.



You will be asked to indicate your consent, or otherwise, in a number of specific & defined areas. Any such consent must be given freely and you have a right to change your mind at any time in the future. It is therefore very important you understand both what you are being asked and the consequences of your decision. To this end, a separate ‘GDPR Consent’ form will be completed by you as part of your discussions with us. We will usually explain the meaning and implications of giving / withholding consent at our first meeting.




There are several specific rights given to you under GDPR, including your right to withdraw consent at any time. You have a right to request we update / delete incorrect data and also a ‘Right to be forgotten’. Where your information is supplied to us by another person, perhaps by a spouse in your absence, we’ll seek to supply you with a copy of that information so that you can ask us to make any corrections that may be needed.


Not everyone who holds your data needs to seek consent in order to process it. GDPR has several tiers of authority that outweigh having your explicit consent. For example, when you approach a Mortgage Lender (directly or via ourselves) they will most likely share your information with credit reference agencies as part of their own process. They will not seek your consent to do so as approaching credit agencies will be part of their underwriting process and is known as ‘legitimate interests’ under GDPR. In short, you have to accept that your data will be processed as part of making an application.


Please note, there may be specific requirements of our Regulator, the Financial Conduct Authority, and / or points of Law which supersede GDPR requirements. If we cannot action a request from you because of this, you will be informed and an explanation provided, wherever possible.


Within the United Kingdom, The Information Commissioner’s Office has the duty of overseeing that everyone abides with GDPR. They have offices in England, Wales, Scotland and Northern Ireland. Further information and contact details can be found on their website:




If you wish to amend your consent, have any specific queries, or if you would like a copy of the information held on you, please write to The Compliance Manager, White Mortgages Limited, City Office Park, Crusader Road, Lincoln, LN6 7AS or email: If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

bottom of page