Capital Markets Insights

Katipult and the GDPR Regulations

Katipult and GDPR - The General Data Protection Regulation

The GDPR (General Data Protection Regulation) is a new regulation for organizations dealing with data from EU citizens.  In this article, we’ll discuss how the GDPR affects Katipult platforms and the necessary steps to make the platforms GDPR compliant.


The GDPR regulations will come into effect on May 25th, 2018.


The regulation applies to all platforms working in any region which takes information from EU citizens.  


There are three stages to the GDPR Regulation.

  1. Stage 1 - Data Collection
  2. Stage 2 - Data Storage and Processing
  3. Stage 3 - End of Relationship

Stage 1: Data Collection

The data collection stage requires that a contact is informed that their data will be stored and used by the platform.  The consent has to be ‘freely given, specific, informed, and unambiguous;’ using ‘clear and plain’ legal language that is ‘clearly distinguishable from other matters.’

We recommend establishing this control by adding another checkbox to the user registration page with this very clear language; the language you would use may look something like:

“I acknowledge that [PLATFORM NAME] will use my data to recommend investments and will NOT share my information with third parties that have not been authorized. I understand that my data can be withdrawn from [PLATFORM NAME] by contacting the administrator.”

We recommend using this on the registration page as you can then ensure that all sponsors or investors that may sign up on your platform are covered.  It is also worth noting that the GDPR regulation requires that the box has to be positively affirmed by the contact, meaning that; we can’t pre-fill the checkbox.  

Note: GDPR does not positively state that a double opt-in procedure is required.

Stage 2: Data Storage and Processing


The GDPR allows for a contact to request any information that is stored about them. If a contact asks for this export of information; you’re able to use the CSV export capabilities to create a report for the investor.


The GDPR also states that contacts can ask for their information to be modified, which can already be done by the administrator of a Katipult platform.

Stage 3: End of Relationship

If a contact wishes to end their relationship with the Katipult platform, they can uncheck the box in the notifications section of the platform.  This information will be communicated in any exports that are sent from the Katipult platform. You would then instruct your marketing software to not send-out to customers who have disallowed notifications.

Note: A contact is not able to disable required emails such as ones regarding investments, repayments, etc.