Data protection  

Industry takes stock of data protection rules

For Martin Brown, managing partner at adviser partnership Continuum, GDPR has done little more than remind advisers of the processes they should have had in place anyway.

He said: "A lot of GDPR should very much be common sense, such as making sure you have your own IT policy and making sure advisers are not, for example, going online on a train and working on client cases.

"So we reinforced our IT security policy and made sure it was embedded in the partnership.

"For central communications with clients, we've always incorporated the data back and forth in a secure portal and we've also tightened up on internal communications and built an in-house secure portal."

Mr Brown said in "this day and age" it is an "absolute must" that the advice market take the requirements under GDPR seriously. 

He added: "Arguably in a good way GDPR was dramatised to be a big deal, so as to encourage those companies who were miles away from doing what they should be to do something about it.

"But for those people running businesses with good common sense, it was just a case of making sure they tightened it up."

Nevertheless, the added administrative burden of GDPR must not be underestimated and Gus Hull, commercial consultant at The Lang Cat, said a year on from the introduction of GDPR he still comes across incorrect references or those relating to the old regime. 

He said: "For financial advice professionals, I think it would be fair to say that it has been, and remains, a struggle to ensure that all documentation, and particularly client-facing documentation, has been updated to capture and reflect GDPR." 

For Mr Hull, the struggle to implement GDPR will have fallen heaviest on those smaller advisers who are not part of a network. 

He said: "Although the Information Commissioner’s Office were supportive and did a lot of good work to assist businesses of all shapes and sizes, including a dedicated advice line for small organisations, the complex nature of the regulation and the sheer scale of the implementation requirements will mean that it’s an ongoing struggle to become, and remain, fully compliant."

Mr Hull said this also included the requirement to demonstrate and evidence compliance.

What do you think about the issues raised by this story? Email us on to let us know.