Data Protection Checklist for Non-Bank Financial Institutions (“NBFIs”)

Data Collection and Consent

NBFIs should clearly define:

• The purpose of data collection and obtain explicit consent from individuals before collecting their personal data;
• provide transparent information about the types of data being collected;
• how it will be used, and any third parties it may be shared with;
• allow individuals to opt-in or opt-out of data collection and processing activities; and
• implement mechanisms for individuals to review, update, or delete their personal data upon request.