From the point of view of information systems, EU General Data Protection Regulation (GDPR) is traditionally associated with the imposition of strict procedures and restrictions on the storage, processing and transmission of personal data. The aim of this paper is to propose a comprehensive approach to implementing GDPR requirements in information systems and applications operating in the consumer financing area. The research is based on an analysis of the business process and the typical information infrastructure of a credit institution on one hand, and on specifics of GDPR compliance in this sector, on another. As a result of this development, basic guidelines are proposed for how, while implementing GDPR's requirements, business can be expanded by creating the fundamentals for introducing cutting-edge information technologies, upgrading existing applications, developing new integration solutions, and developing B2B platforms. The main conclusion made from this research is that when carefully planned and implemented with the right technological solutions, GDPR compliance in the consumer financing companies can open up new business and technological opportunities, thereby ensuring further optimization of company operation and eventually enhancing customer satisfaction.