The simple answer is yes, as long as certain conditions are satisfied. Data protection legislation requires brokers to take appropriate measures to ensure email transmissions are secure when processing personal data. The Data Protection Act 1998 gives some guidance on the appropriate level of security. The data controller must also ensure the reliability of staff having access to the personal data.
Emailing a completed application form either to the applicant or to the lender should be done using available security devices such as encryption and Secure Socket Layering. You should ensure anyone required to do this is appropriately trained to prevent accidental breaches, such as emailing the wrong address or deliberate breaches as part of a fraud.
The data controller is restricted from using the information for a purpose other than that it was provided for, or disclosing it without the individual’s consent.
Finally, the Act also specifies that personal data shall not be transferred to a country outside the European Economic Area, unless that country or territory ensures an adequate level of protection of the rights of data subjects.