Mortgage advisers could be leaving themselves exposed to hefty fines after a survey showed four out of five had not begun to implement new data protection regulations.
Technology firm Mortgage Brain has found 81 per cent of mortgage advisers have yet to begin implementing the rules and data regulations laid out by the forthcoming General Data Protection Regulation (GDPR).
More than a third (35 per cent) of respondents to a survey said they were not even aware of the new rules – even though the legislation is set to take effect in May 2018.
Failure to comply with GDPR could lead to firms being fined a maximum of €20m (£17m) or 4 per cent of annual global turnover – whichever is higher.
The legislation expands on the existing UK Data Protection Act, introducing a new level of accountability that requires any organisation that handles other individual’s personal data to show how they comply with the principles.
It is set to affect everyone involved in collecting and processing information and data about individuals in the context of selling goods and services.
One of the major changes brought about by the legislation is that advisers will have to gain clients’ explicit consent to collect data and use it for the purposes they require.
In addition, limits on clients’ ‘right to be forgotten’ – to have their personal data erased – that are enshrined in the data protection act will be removed.
The statistics come from a survey of attendees at the firm’s 2017 series of Mortgage Vision events Winchester, London, Manchester and Birmingham.
Advisers in London were found to be the least prepared for the roll-out, with half admitting they were unaware of the new rules.
In contrast, 25 per cent of advisers in Manchester said they were unaware of GDPR, making it the most prepared region.
Mortgage Brain chief executive Mark Lofthouse said: “May 2018 might seem like a long way off but with GDPR affecting everything from the way customer data is collected, the way consent for use is given and the way data is stored and used, some firms could find they have a lot of work to do to ensure their business is compliant.
“With just seven months to go it’s imperative that advisers have a full and clear understanding of the new rules and regulations and are well aware of their responsibilities and what support they should expect from their system providers.”
Robert Sinclair, chief executive of the Association of Mortgage Intermediaries (AMI), said the advice community had a lot to do to make sure it is up to speed with GDPR.
He said: “A firm that has appropriate controls through existing data protection legislation should not have much to do to top this up.
“The problem is the legislation has yet to finish its passage through parliament. The government has been behind the curve in terms of getting the European directive into UK legislation.”
Mr Sinclair said firms would have to put in place data policies to make clear how long they will hold clients’ information and for what purposes, and this will need to be made explicit at the start of the relationship with the customer.
He added that the AMI is starting to ramp up its efforts to ensure advisers are adequately informed about the changes.
simon.allin@ft.com
