The data rules, which took effect on 25 May, mean people turned down for a mortgage, credit card or loan because a 'computer said no' can challenge their bank's decision and demand it should be reviewed by a human.
Ray Boulger, senior technical manager at John Charcoal, believes there could be some long-term benefits in the data rule change.
He said the problem in the past was a lender did not have to give any specific reason for rejecting an application, they could simply refer the client to the credit agency they worked with, whereas now they have to justify and explain their decisions.
Criteria around County Court judgements for instance, which can be handed down for small debt-related offences such as unpaid utility bills, and could trigger a rejection, may be reviewed, he said.
He said: "There is a difference between [an applicant] who is not aware of a CCJ and somebody where it is a conspiracy but some lenders' criteria doesn't really differentiate between that.
"In the short term lenders may be choosing to do nothing and take a wait and see approach but this is an area that gives borrowers more ammunition and if enough borrowers take action lenders may feel uncomfortable about rejecting an application based on certain criteria, and they might well choose to change their criteria."
The General Data Protection Regulation (GDPR) does not prevent banks from using automated processes but it requires firms to alert their customers to such processes and have appropriate services in place for them to appeal.
David Hollingworth, associate director of communications at L&C Mortgages, said the prominence of lender privacy policies may help give customers more clarity around their right to challenge automated decisions.
But he said it was yet unclear whether challenges would lead to lenders undertaking an individual underwriting process.
He said: "In many cases though this is unlikely to make for a significant change in the way that borrowers make their applications.
"Automation clearly has some benefits in speeding up processes and borrowers are still likely to accept that automated decisions are part of the process."
Where he thought the new rules could help was to uncover a situation where the application failed simply because data was input incorrectly.
Santander and HSBC told FTAdviser they used automated processing but would be happy to review their decision when challenged in line with the General Data Protection Regulation (GDPR).