Back in the GDPR: how IFAs can get ready for EU data rules

With the new rules due to come into force next May, now is the time to start planning, as the consequences of non-compliance could be grave.

The new general data protection regulation (GDPR) contains critical obligations that you must start preparing for sooner rather than later.

For firms to achieve compliance in time for GDPR’s arrival in May 2018, they must allow themselves sufficient time to understand the new regulations and start making the necessary changes early on.

Every company that obtains, processes and uses data in the EU must adhere to the new regulations. The UK’s decision to leave the EU has no bearing on the ruling.

Raise awareness and register it

Start by recording the compliance process and making a note of all significant changes your company makes to its processes and procedures.

Also known as the ‘data register’, this record will contain details on the data you currently hold, your reasons for processing it and what it will be used for. This will help your company adhere to the new accountability principles of GDPR.

Rather than preventing you from doing things, GDPR compliance aims to improve standards by encouraging you to make your processes and procedures more effective and efficient.

Review your existing digital and hard copy format privacy notices and policies. Ensure they are concise, written in clear language, easy to understand and easily found.

Finally, make sure this important information is clearly communicated to your clients. Explain how their data will be used and how they can lodge a formal complaint to the Information Commissioner’s Office if they are dissatisfied.

Rights of the individual

Post-GDPR, individuals will enjoy greater control over their personal data. This includes the right to have it edited or deleted upon request. Therefore, it is your responsibility to ensure the appropriate procedures are in place to deal efficiently with such requests.

Perhaps one of the key drivers for the changes is the right of an individual to prevent their data being used for direct marketing purposes.

When an individual asks to see what information you hold about them, you must comply within a month. You can refuse if you think the request has no merit, but you must tell them why and how they can complain to the regulator.

Adopting transparent procedures is one of the most effective ways to protect your firm, and it will mitigate any future problems with the regulator. If your company already handles data carefully under current laws, the switch to GDPR should not be a cause for concern.

Never assume consent

Handling consent for the capture and use of personal data for more than just contact is a tricky area. You must obtain clear consent from a client before using their personal data, and secure separate consent if you plan to use the data differently than first agreed.

Make someone responsible and keep it up

If your company deals with personal data on a large scale, it may be worth recruiting a dedicated data protection officer to oversee procedures and to make sure information is being handled correctly.

It is not just electronically held data that can pose a problem. You will need to consider written records, which are also covered by the regulations. All your staff should be trained on the correct handling of personal data.

Remember, the most important thing is to keep a continuous record of the transition to GDPR. Indeed, firms that can prove they have made an effort to comply with regulations will fare better than those that do not.

Paula Tighe is information governance director at Wright Hassall
