Seek Weed
Fintech

Protection of a 438k records base for a fintech client

We conducted a full security and compliance audit of a database for a loan company. We detected gaps in the telephone consent collection process. We implemented new procedures that reduced legal risk by 94.6% before a planned inspection.

94.6% risk reduction
ClientLendify Polska Sp. z o.o.
IndustryFintech
TimelineMarch – June 2024

We secured a database of 438,127 clients for Lendify Polska Sp. z o.o. before a planned inspection by supervisory authorities. We focused on sealing processes in telemarketing.

GDPR AuditDatabase HygieneHigh-Risk MarketingLegal Procedures

The challenge

The client was struggling with a growing number of complaints about intrusive telemarketing. In the first quarter of 2024 alone, we recorded 112 official reports from annoyed consumers. Analysis showed that the company did not have hard evidence of marketing consent for 27% of the records in its main database. With potential penalties reaching 4% of annual turnover, the financial risk was around 2.3 million PLN. The existing CRM system did not record the exact time and source of contact acquisition, making it useless in a legal dispute.

Our approach

We sent a two-person team of auditors to the client's headquarters. Piotr and Magda spent 14 business days checking system logs and randomly selected recordings from 19 months of sales calls. We used our proprietary method of verifying facts, not board promises. We checked the entire path – from the first click on a Facebook ad, through the form on the site, to the final connection of the call center consultant. We looked for the moment when consent might have been forged or simply skipped in the documentation.

The solution

We completely rebuilt call scripts for 24 consultants, removing ambiguous questions. We implemented a mechanism in the CRM to automatically tag consents with a unique transaction ID. We removed 41,203 records from the database whose origin could not be clearly proven – a painful but necessary decision to avoid penalties. We also created a new process for handling data deletion requests. Previously it took 14 days, now the system does it automatically within 22 minutes of reporting.

Results

Lendify Polska passed an internal control audit without any reservations. The risk of an administrative penalty dropped almost to zero, and the marketing department now works exclusively on clean data.

94.6%
legal risk reduction in the audit
41,203
records removed without proof of consent
22 min
average time to fulfill the right to be forgotten
14 people
marketing employees trained

Timeline

  1. March 2024
    Start of the audit and analysis of 112 consumer complaints
  2. April 2024
    Verification of 438k records and selection of missing consents
  3. May 2024
    Implementation of new scripts in the call center and CRM cleaning
  4. June 2024
    Final team training and end report for the board

"Seek Weed found holes in our consents that the IT department had no idea about. We removed questionable contacts and now sleep soundly before inspections. It was a hard lesson, but very necessary."

Bartosz Wiśniewski Chief Operating Officer, Lendify Polska Sp. z o.o. June 2024
← Back to case studies