Data protection  

Ombudsman insists missing data won't derail complaints

Ombudsman insists missing data won't derail complaints

The Financial Ombudsman Service has said it will be able to handle complaints even if information is deleted under incoming data protection rules.

The General Data Protection Regulation comes into effect today (25 May), meaning people will have the right to ask organisations to delete any information they hold on them.

This has sparked fears about what this means for advisers if they delete data but are subsequently faced with a complaint to the Financial Ombudsman Service, and find themselves unable to provide information to support their case.

But a spokesman for the ombudsman has said the service often deals with cases where there is information missing.

He said: "The service is able to deal with complaints where there is some missing information; this isn’t particularly unusual as sometimes there will be missing information because of the passage of time and businesses have retention periods in place.

"We will deal with it in the same way we deal with those complaints and ultimately each case will be decided on its own facts and on a fair and reasonable basis.

"We can't say how a firm should respond to right to be forgotten requests. It is for each firm to ensure they are complying with relevant laws including the General Data Protection Regulation.

"We do note however that the right to be forgotten isn't an absolute right and firms can in some situations retain personal information. It is for each firm to consider how long they need to keep personal information and whether they are complying with the law."

GDPR, a European Union regulation, sets out a number of new powers and rights, including the right to erasure, which means an individual can request the deletion of personal data relating to them.

It also introduces the right to access, meaning an individual can demand information on how their data is being used and a free copy of their personal data, and the right to data portability, which means a person must be able to transfer their personal data from one system to another without being prevented by the handler of their data.

Most of the largest advice firms in the country said they were ready for Friday's looming deadline.

Caroline Bradley, group risk and regulatory director at Tenet, said: "We set up a GDPR project group last summer and have been working since then to implement the changes required within the business and provide the necessary support and guidance to our appointed representatives and directly authorised clients.

"Tenet has issued over 1,200 privacy notices to our members and we’ve provided member firms with privacy notice templates to issue to their clients."

She added that Tenet was not sure how many right to erasure requests it would receive but recommended that since this right was not absolute, so long as firms have a lawful ground to retain the information, such as to demonstrate the suitability of the advice given, then they should not have any issues.