Data protection 

Guide to GDPR implementation

  • Learn what GDPR is and the key areas for adviser firms to consider when implementing it.
  • Consider the main challenges firms face as they prepare for GDPR and how to get GDPR-ready.
  • Understand whether the cybersecurity threat is real and how it might affect financial planners.

Introduction

Data has been big news of late, mainly for all the wrong reasons.

But the EU-wide General Data Protection Regulation (GDPR), when it comes into force on 25 May, seeks to address this.

"Data is the new gold," states Virginia Chinda-Coutts, group director of data protection at DST Systems.

She asks: "Why don't organisations look after it?"

Ms Chinda-Coutts believes GDPR is "such an opportunity" for firms to get the data they hold on their clients and the way in which they use it right.

The financial services industry is not renowned for being ahead of the game when it comes to its use of technology, or even for its reputation - customers often express their mistrust of many of the larger high street names.

Ruaraidh Thomas, managing director of applied analytics at DST Systems, admits asset management and banking are "riddled with legacy tech".

"[There are] lots of instances of not knowing where data is," he adds.

For this reason, he believes GDPR will force firms to get up to speed on where they should have been in terms of data protection.

Rob Walton, chief operating officer at Intelliflo, says: "A key output of the GDPR is the drive for better data quality and this is not going to harm any business - quite the opposite.

"Once firms truly understand their data and set about making it better, they will be more efficient in every aspect of their business - from automated valuations instead of hours wasted on the phone to providers, to a much better understanding of their client bank for business process improvement or business growth initiatives.

"It seems a daunting challenge at first, but it will also be a rewarding one for those firms that embrace the GDPR and commit to it," he concludes.

This guide asks what GDPR is, and how it integrates with other regulation, as well as highlighting the key areas advisers will need to address in implementing it.

What challenges will preparing for GDPR bring? And is the threat of a cyber attack real for financial advisers?

Finally, the guide will consider any hints and tips for firms to make sure they are GDPR ready for the May deadline.

This guide is worth an indicative 60 minutes of CPD.

Contributors to this guide are: Linda Gibson, director of regulatory change and compliance risk at BNY Mellon's Pershing; Steven Rhodes, data protection lawyer at Allegis Group; Steve Snaith, technology risk assurance partner at RSM; Mark Ehlinger, head of regulatory and professionalism services at Focus Solutions; Giulia Lupato, senior policy adviser at Pimfa; Jon Szehofner, founding partner at Gordon Dadds Financial Markets; David Marchese, consultant at Gordon Dadds; Virginia Chinda-Coutts, group director of data protection and Ruaraidh Thomas, managing director applied analytics at DST Systems; Scott Bancroft, principal consultant, cyber security and Mark Stringer, partner, UK head of wealth and asset management at Capco; Mark Greenwood, regulatory policy manager at The SimplyBiz Group; Rob Walton, chief operating officer at Intelliflo; David Moffat, group chief executive at DST Systems; openbanking.org.uk; RSM; ICO; Square Health.

Ellie Duncan is deputy content plus editor at FTAdviser

CPD
  1. According to Mr Szehofner, which two pieces of regulation are "built on the principle that individuals own their personal data and should therefore be able to choose how it is used and with whom it is shared"?

  2. Which of these is not one of the four key areas for adviser firms to consider, according to Mr Ehlinger?

  3. How does Ms Chinda-Coutts describe the ICO?

  4. Talking about cybersecurity, Mr Ehlinger says the threat is real and an attack should what?

  5. Mr Snaith believes what could be a useful exercise to inform corporate governance framework and cyber control environment?

  6. Mr Walton says if a firm could only do three things to be GDPR ready it would do the following, but which is the odd one out?
