Data protectionMay 25 2018

Ombudsman insists missing data won't derail complaints

twitter-iconfacebook-iconlinkedin-iconmail-iconprint-icon
Search supported by
Ombudsman insists missing data won't derail complaints

The General Data Protection Regulation comes into effect today (25 May), meaning people will have the right to ask organisations to delete any information they hold on them.

This has sparked fears about what this means for advisers if they delete data but are subsequently faced with a complaint to the Financial Ombudsman Service, and find themselves unable to provide information to support their case.

But a spokesman for the ombudsman has said the service often deals with cases where there is information missing.

He said: "The service is able to deal with complaints where there is some missing information; this isn’t particularly unusual as sometimes there will be missing information because of the passage of time and businesses have retention periods in place.

"We will deal with it in the same way we deal with those complaints and ultimately each case will be decided on its own facts and on a fair and reasonable basis.

"We can't say how a firm should respond to right to be forgotten requests. It is for each firm to ensure they are complying with relevant laws including the General Data Protection Regulation.

"We do note however that the right to be forgotten isn't an absolute right and firms can in some situations retain personal information. It is for each firm to consider how long they need to keep personal information and whether they are complying with the law."

GDPR, a European Union regulation, sets out a number of new powers and rights, including the right to erasure, which means an individual can request the deletion of personal data relating to them.

It also introduces the right to access, meaning an individual can demand information on how their data is being used and a free copy of their personal data, and the right to data portability, which means a person must be able to transfer their personal data from one system to another without being prevented by the handler of their data.

Most of the largest advice firms in the country said they were ready for Friday's looming deadline.

Caroline Bradley, group risk and regulatory director at Tenet, said: "We set up a GDPR project group last summer and have been working since then to implement the changes required within the business and provide the necessary support and guidance to our appointed representatives and directly authorised clients.

"Tenet has issued over 1,200 privacy notices to our members and we’ve provided member firms with privacy notice templates to issue to their clients."

She added that Tenet was not sure how many right to erasure requests it would receive but recommended that since this right was not absolute, so long as firms have a lawful ground to retain the information, such as to demonstrate the suitability of the advice given, then they should not have any issues.

A spokesman for True Potential said: "We created a specialist, dedicated team earlier this year. Their main focus has been to ensure that we are ready for GDPR and that we will operate in line with the regulations.

"We do not disclose client numbers, but response rates have been very encouraging. We are confident that by the 25 May the vast majority of our clients will have responded."

Old Mutual Wealth, St James's Place and Succession also said they were ready for GDPR.

Openwork and Tilney did not respond to a request for comment.

damian.fantato@ft.com