Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Klarna is a Swedish buy now pay later (BNPL) payment service and licensed bank. It enables consumers to pay later, pay in instalments, or use financing for purchases. As a Swedish bank regulated by the Swedish FSA, Klarna is subject to EU banking law in addition to GDPR — providing strong consumer data protections. No third-country transfers are required for standard Klarna integrations. The payment processing itself relies on contract performance; Klarna's On-site Messaging (promotional banners) may require separate consent management.
Klarna is a Swedish fintech company and licensed bank providing buy now pay later (BNPL) payment solutions and financial services. For e-commerce, Klarna offers payment options including Pay Later (pay within 30 days), Slice It (pay in instalments), and Financing (longer-term credit). Klarna also provides a shopping app for consumers and merchant marketing tools.
Klarna Bank AB is licensed by the Swedish Financial Supervisory Authority (Finansinspektionen) and operates across the EU under EEA banking passporting. This banking regulation provides strong consumer data protections in addition to GDPR. All primary payment processing and customer data are handled within the EU. Unlike US-based payment processors, no third-country transfer SCCs are required for the core Klarna payment integration.
Klarna performs credit risk assessment for each BNPL transaction, involving automated processing of the consumer''s financial data to determine creditworthiness. This constitutes automated decision-making under GDPR Article 22. Klarna handles this compliance as the credit provider (independent data controller). Merchants should disclose in their privacy policy that Klarna may perform credit checks for BNPL payment options.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Klarna''s On-site Messaging feature embeds promotional banners on product and cart pages showing available payment options. This JavaScript may set marketing cookies requiring consent if loaded site-wide. Load On-site Messaging only where contractually necessary (checkout) or manage via CMP for promotional placements on non-checkout pages.
Sign Klarna''s merchant agreement including DPA terms. Disclose Klarna in your privacy policy as an independent data controller for payment and credit assessment. Note automated credit decisions. Manage On-site Messaging cookies via CMP for non-checkout pages. Inform customers at checkout that Klarna may perform a soft credit check for BNPL options.
Websites using Klarna must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is not required for standard Klarna payment integration. Klarna's credit risk assessment involves automated credit scoring — merchants should disclose this in their privacy policy. Klarna itself conducts the credit assessment as an independent data controller.
Sample consent text
This website uses Klarna for flexible payment options. Klarna may perform a soft credit check to offer personalised payment plans. Klarna is a Swedish licensed bank subject to EU banking and data protection regulations. See Klarna's privacy policy for details.
Third-party domains contacted
klarna.comjs.klarna.comapi.klarna.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| klarna_lang | session | Session | Klarna language preference cookie for displaying the correct payment widget language |
Klarna is an essential service, but transparency matters. Manage all your consent with FlowConsent.
For core payment no — contract performance applies. On-site Messaging outside checkout may need consent for marketing cookies. Load it only at checkout for a consent-free implementation.
Yes. Klarna Bank AB is Swedish, EU-regulated, subject to both Swedish banking law and GDPR. No third-country transfers needed for standard integrations — processing stays within EU.
Yes. A soft credit check for BNPL options — does not affect the customer's credit score. This is automated processing under GDPR Art. 22. Disclose in your privacy policy.
Contract performance for BNPL payment. Legitimate interest for fraud prevention. Consent for On-site Messaging marketing cookies on non-checkout pages.
No for standard integrations. Klarna is Swedish and EU-regulated. A significant GDPR advantage over US-based BNPL competitors.
When customers pay with Klarna they enter a financial relationship directly with Klarna. For credit and payment processing, Klarna is the independent data controller, not the merchant.
State: Klarna is an independent controller for BNPL processing, Klarna may perform soft credit checks, customers have their own relationship with Klarna and can access Klarna's privacy policy.
Alma (French BNPL, EU), Scalapay (Italian). For instalment payments without BNPL, Stripe and Adyen offer EU-regulated options. Klarna has the strongest EU data residency story among major BNPL providers.