Data protection
Feb 8 2018

FCA in talks to iron out data protection rules

The Financial Conduct Authority has said it is in talks with the Information Commissioner's Office to smooth out any inconsistencies between incoming data protection rules and the "wider regulatory landscape".

In an update today (8 February) on the implementation of the General Data Protection Regulation, which comes into effect in May, the FCA said some firms had been in touch with the regulator asking about their ability to comply both with GDPR and the body of financial services regulation.

In a joint statement, the FCA and ICO said: "We believe the GDPR does not impose requirements which are incompatible with the rules in the FCA Handbook. Indeed, there are a number of requirements that are common to the GDPR and the financial regulatory regime detailed in the Handbook.

"However, we recognise that there are still ongoing discussions to ensure specific details of the GDPR can be implemented consistently within the wider regulatory landscape.

"The FCA and ICO are working closely together in preparation for the GDPR, and recently jointly hosted a GDPR Roundtable with firms and industry bodies to listen to industry concerns."

GDPR, which is a Europe-wide regime, introduces a number of regulations which will affect financial advisers, including the right to erasure, meaning an individual can request the deletion of personal data relating to them, and the right to access, meaning an individual can demand information on how their data is being used and a free copy of their personal data.

It also introduces the right to data portability, which means a person must be able to transfer their personal data from one system to another without being prevented by the handler of their data.

Meanwhile, explicit consent must be obtained for the collection of data and all the purposes it is used for, while all data breaches must be reported within 72 hours.

Among the issues facing advisers which are up in the air is how the GDPR will interact with the Financial Ombudsman Service.

Last year Ken Davy, chairman of the SimplyBiz Group, warned that the rules could lead to an adviser deleting data upon request but then struggling to defend themselves against a complaint.

There have also been concerns expressed about how the rules on data erasure could impact advisers seeking professional indemnity insurance.

At the time the ICO said it would be providing more detailed guidance on the GDPR "in due course".

In today's statement, the two regulators said: "Since 2014, the FCA and ICO have had a Memorandum of Understanding in place, laying out our formal relationship and demonstrating our commitment to co-operation and co-ordination in our activities.

"Over the coming months, we will review the memorandum of understanding to ensure it is still fit to address future collaboration."

While the ICO will regulate the GDPR, complying with its requirements is also something the FCA will consider under its rules, such as the senior managers regime.

damian.fantato@ft.com