Compliance and Data Protection in the CWP Initiative

It should go without saying that customer privacy and Data Protection are of paramount importance. So while data management is key to the CWP initiative, it takes place under extremely stringent conditions.

Experian needs only three pieces of data in order to identify CWP customers: company account number, postcode and first line of address; and Experian destroys the data file they use within ten days of the transfer having taken place.

These data transfers use a secure data transfer protocol and are governed by a Data Processing Agreement (DPA), which lays out why the data transfer is happening and the obligations on both parties to use that data only as specified in the DPA

When CWP-eligible customers are identified, customers are asked to give explicit consent to be in this category, and we respect their views should they wish to opt out.

Where customers do give their consent to be in the CWP scheme, this consent will last for five years after which it will be requested again. Eligible customers may also change their preferences at any time.