Data protection
Feb 21 2018

Get on top of data protection protocol

After new rules come into force on 25 May, you’ll risk a potentially hefty fine if you’re caught napping

Recently I attended a workshop on General Data Protection Regulation (GDPR) with Moneyinfo, which introduced 12 steps that financial planners and advisers will need to get to grips with by 25 May.

I was already aware of the new rules, but I must admit that not being a detail person, I had not looked at them that closely.

It was quite a shock to realise the challenges that lay ahead of us and what measures we need to consider now, to meet the May deadline. If, like me, you thought that it was just a matter of quickly putting together another document to hand out to clients, then think again.

Just think about all the areas where you keep information about clients, employees and providers – and not just your database. When you realise how many places there are where we store information (just think about using MailChimp or emails), you then need to analyse what information you do save, the purpose of retaining all this information and who shares it; essentially a complete audit of retained information.

You must consider how accessible it all is, while being secure and kept confidential. You will need to compile an asset register and then develop a privacy policy, which includes, among other necessities, the source of information, and when and how clients should be told.

There are also concerns about sensitive details and the consents that must be given freely for each purpose, while demonstrating them and keeping them real. There is much more that we must comply with than I have room to mention here; get a 'subject access request', and this could take someone hours to fulfil.

There are questions of responsibility, training and who takes on this extra work. Believe me, this is not just about security and IT; keeping stuff in the Cloud and thinking you’ll be fine. This is so much more than that.

You ignore it at your peril. Fines for breaches of the rules – even accidental loss of information – can amount to £500,000. 

GDPR is about raising the bar on data protection. It puts individuals in control of their personal data, but gives you full responsibility for ensuring that you meet any demands. You need to act now.

Marlene Outrim is managing director of Uniq Family Wealth