The implications of GDPR

On May 25^th 2018, the European Union's General Data Protection Regulation (GDPR) comes into effect. A two year ‘sunrise period’ is nearly over and a Bill is going through parliament now to turn GDPR into UK law.

According to a variety of surveys many firms are not ready.  This leaves them potentially in for a rude awakening if they mismanage any personal data belonging to a UK or European citizen.  Penalties for mishandling user data can reach as high as 4% of an organisation's global annual revenue or 20 million Euros (whichever is greater).

GDPR delivers solid principles to protect the personal data rights of individuals.  This relates to all aspects of how their data is handled. The regulation fundamentally changes how financial advisers process and handle client and prospect data.  This includes how the data is collected, how and where it is stored, who it is shared with, how it is protected and how communications can be made.

The new regulation focuses on enhanced data subject rights including the right to be informed, rights of access to data and the right to have it erased.  In May it becomes illegal to control or process any personal data without express consent or another lawful basis.

Firms need to become familiar with GDPR and the effects it is going to have.  In particular IFAs should especially check security relating to physical documents, use of laptops, tablets and mobile devices as these are often areas where there is unintended security risk.

A barrister was recently fined by the Information Commissioner’s Office (ICO) for unwittingly sending a client file to her personal cloud account while reformatting her laptop.  Simple breaches like this are best avoided especially under GDPR.

If your financial planning business requires help with GDPR, please get in touch. We have partnered with Brookland Computer Services who can offer expert guidance on how to ensure your business is GDPR compliant. 

Roland Rawicz-Szczerbo