Data protection  

Industry takes stock of data protection rules

Industry takes stock of data protection rules

There has been concern about the impact the General Data Protection Regulation could have on the advice market but one year on it seems little has changed.

Arguably one of the bigger regulatory changes to the advice market in recent years, the GDPR was enforced across the UK on May 25, 2018, affecting any organisation which holds or processes people's personal data.   

The rules give consumers the right to have their data erased, meaning they can request the deletion of personal data relating to them held by a company, and enforce penalties on those found to have misused or mismanaged clients' personal data.

Ahead of the changes some raised concerns about the financial and commercial impacts the requirements imposed by GDPR could have on advice firms, with suggestions advisers' lead lists and enquiries from online directories could be hampered if potential clients did not give their explicit consent to their data being held. 

Networks were concerned the rules could leave advisers unable to defend themselves against complaints to the Financial Ombudsman Service and detriment an adviser's cover with professional indemnity insurers

Advisers have now been working under the new rules for a year but it appears not all of these concerns have come to fruition, with some reflecting on the changes as a force for good and merely a reinforcement of good practices. 

Mark Turner, managing director of compliance and regulatory consulting at Duff & Phelps, said whilst the new rules may have had a shrinking effect on lead lists, this should ultimately create a more efficient process for contacting clients in the future. 

He said: "Firms will have experienced some reduction in the number of prospects in their databases however this is due to prospects opting out of communications they are not interested in.

"In many cases this narrower focus has saved time when compiling target lists for marketing campaigns or event invites.

"Those that have chosen to remain on distribution lists are those that genuinely want to hear about the services on offer and businesses can spend the time saved confidently reviving relationships with stronger leads and harvesting better returns." 

Reflecting on concerns surrounding an adviser's ability to defend an ombudsman claim under GDPR, as client data may have been erased at the request of the client, Mr Turner said it is important to remember companies are entitled to retain records and personal data for clients in order to defend themselves against claims and litigation. 

He added: "Whilst this is the case, firms may need to invest more time and resource ensuring their data management framework supports a careful consideration of the exact data retained for different purposes.

"The right to defend against a legal claim does not provide cover to retain any and all personal data of clients and should not be misused to avoid implementing a proper data retention schedule and framework.

"If an ex-client unsubscribes from a mailing list or requests a data processing restriction, these requests should be actioned in the spirit of fairness and transparency as far as reasonably possible to prevent complaints to the regulators which may prompt a more thorough tyre kicking of the entire compliance framework."