RegulationSep 6 2017

Fears data protection rules could leave advisers vulnerable

twitter-iconfacebook-iconlinkedin-iconmail-iconprint-icon
Search supported by
Fears data protection rules could leave advisers vulnerable

The General Data Protection Regulation is a European law which comes into effect in May 2018.

It sets out a number of new powers and rights, including the right to erasure, which means an individual can request the deletion of personal data relating to them.

But there are concerns this could lead to financial advisers being forced to delete information at the request of their clients, only to face complaints being made to the Financial Ombudsman Service which they are unable to defend.

Martin Greenwood, chief executive of Tenet, said the Financial Conduct Authority and the ombudsman needs to respond and provide guidance on the way advisers must handle the General Data Protection Regulation (GDPR).

He said: “GDPR does give data subjects a right to erasure, however it’s important to note that this right is not absolute.

“Where organisations have clear regulatory or other legitimate grounds to retain the data,  they need not comply.

“Activities to meet FCA and statutory regulation requirements for example would fall under this category.”

Writing in his column for Financial Adviser this week, Ken Davy, chairman of SimplyBiz Group, said the rule was reasonable but could have negative consequences.

He said: “If an adviser is required to delete data upon request it could leave that firm vulnerable if the client (urged on by an ambulance chaser) later lodges a complaint.

“One of the most frustrating situations for any adviser, particularly an appointed representative in a big network, is for a speculative complaint to come in and be upheld because the network is not able to provide sufficient evidence to enable the adviser to defend themself.”

The Information Commissioner’s Office, which is responsible for overseeing the implementation of GDPR in the UK, said the right to erasure was not universal.

In a statement a spokesman for the office said: “The right to erasure is not an absolute right, and it does not apply where retention of the data is necessary to meet a financial adviser’s legal obligations or for defending legal claims.

“We will be providing more detailed guidance on the rights individuals have under the GDPR in due course.”

But one individual within a network, who declined to comment on the record, said the proviso on legal claims did not necessarily give financial advisers the green light to hold onto information for fear of facing an ombudsman complaint later.

He said: “This seems the most likely justification for an exemption for adviser firms, but it is not clear yet if and how it might apply in practice.

“For example, it isn’t clear whether the exemption to the ‘right to erasure’ would apply only if a complaint case had already been opened of whether a theoretical possibility of a future complaint would be suffice for the exemption to apply.”

A spokesman for the FCA said it is currently reviewing the GDPR requirements and working with the Information Commissioner’s Office on how it can help introduce them.

Meanwhile a spokesman for the Financial Ombudsman Service said: “As always, we’ll look at each case on its own individual merits before deciding what is fair and reasonable.”

damian.fantato@ft.com