An overview of our data security principles and our approach

Data security at Lending Works

At Lending Works, we’re responsible for collecting and managing a significant amount of sensitive data, and it’s not something we take lightly. While technological developments have enabled exciting advances in areas like customer experience, machine learning and AI, the adoption of new technologies has also increased the threat of cybercrime and the risk of personal data being compromised. To help protect against this ever-present threat, we take a belt and braces approach.

Regulation and policy

A strong data protection strategy relies on a solid foundation of compliance with applicable data protection legislation. We will always process any personal data in compliance with the European General Data Protection Regulation (“GDPR”).

The business and all of our staff operate in accordance with a detailed and robust data protection policy and related procedures, and our customer privacy statement sets out how we obtain, store and manage our customers’ data.

We have appointed a Data Protection Officer, who can be contacted by:

• Email: cs@lendingworks.co.uk
• Post: Lending Works Limited, 60 Gray's Inn Road, London, WC1X 8AQ
• Telephone: 020 7096 8512

Global-level protection

There are many ways in which we secure our web application and databases, some of which are listed below.

HTTPS secure connections

Lending Works forces HTTPS for all of our services by using TLS (SSL). Services protected by HTTPS include all customer interactions with our application and website, all retailer interactions with our Partner Portal and website, and any interactions our team have with our application.

Encryption of sensitive data and communication

All data is encrypted both during transmission and when in storage. Furthermore, the core of the infrastructure we use to store, decrypt, and transmit sensitive data is completely separated from other services, such as our website and API.

Penetration testing

By regularly facilitating third-party penetration testing, we can validate the work of our in-house experts in line with our belt and braces approach. Our penetration testing partner holds the industry’s leading accreditations, including CREST STAR and Offensive Security’s OSCP and OSWP designation.

User-level protection

Coupled with our various protective measures at a global level, we also put in place policies and procedures to help protect against threats we could face via individual team members too.

Policy

All team members must adhere to our robust data security policy, in addition to completing regular training on the core concepts of effective data protection, which helps ensure the risk of data loss is minimised.

Minimisation

We have the philosophy that the most effective way to keep information secure is to not require it in the first place. We store only data which is absolutely necessary for our business and only retain personal data for the periods we are required to do so by our regulators (as stated in our privacy policy).

Anonymisation

Wherever possible, data that can be accessed by our colleagues is anonymised to remove sensitive customer information. For example, while our data scientists and software developers need to access a significant amount of data to do their work, we ensure that the data they access does not contain sensitive customer information wherever possible.

Encryption

As well as our infrastructure entities, all local computers and file stores are encrypted too. This ensures that in the event of theft or loss of hardware, important customer data could not be accessed.

This provides a brief overview of how we approach data security at Lending Works, but if you’d like more information please ask your Partnership Executive or contact us by clicking here.