Adviser Workshop: How to prepare for GDPR

In the lead up to the implementation of the General Data Protection Regulation, we ask the financial planning experts how their peers should prepare.

James says...

We recently cleaned out our database. We contacted all clients, including orphan clients, and asked if they wanted to meet with us or if they preferred us not to contact them again. This took a big chunk off the GDPR workload.

Before 25 May, there are a few things to do on our website. For example, on how long we hold information of people using our contact form.

At the moment, this information comes in to a centralised email address. Here, we collect names, phone numbers and email addresses. Previously, that data had remained in our central system. Now, if those people do not become active clients, we will remove their details after a certain period of time.

One thing firms should do is engage with process mapping. When you get a new client, you ask yourself: how did they become your client? How does that go on to the back-office system? How do you create agency letters with providers off the back of that? How do you communicate further information to the client?

But some areas still require clarification. Some non-GDPR regulation says you have to keep certain data for a particular length of time. For example, data on any advice around pension transfers has to be kept pretty much indefinitely. This is contrary to what GDPR suggests.

Top tip: To help with a GDPR audit, use process mapping to see how data flows.

Top quote:

If you were subject to a GDPR audit, this is what they would look for: clarity of how data flows into, through and out of the business.

James Priday is director at Prydis Wealth

Fiona says...

Preparing for the general data protection regulation (GDPR) has been tough. Some things were not made clear until the last minute. For example, we only found out in February you can obtain consent via email.

One thing to look out for is whether you have the right permission to gather information. For example, we cannot gather health information for life insurance under the principle of legitimate interest, which we use for other points of data collection.

Always keep in mind why you are collecting data, what you are collecting it for and how you are using it. There has to be a continuous review of what you are collecting, how it is stored, how long it is stored for and when you are getting rid of it.

The focus is always on the data and the data subject (or client in this case), and how they feel about their data. It is fascinating to see the statistics of how this varies across the generations.

Our changes for GDPR will be going live at the end of April. Then I will get feedback, in case clients do not like what has been sent out to them. This gives us plenty of time for the 25 May deadline.

Top tip: Keep in mind how the data subject, or client, feels about their data and how it is being used.

Top quote: 

'Millennials do not really mind you using their data, as long as they are getting something back from it. But baby boomers are more likely to ask what you are doing and why.'

Fiona Middlemiss is director of risk and compliance at Alan Steel Asset Management

What Twitter thinks...

New Model Adviser® reporter Christine Dawson asked the Twittersphere for their thoughts on GDPR preparation. Here is what everyone said:
