Data protection
Apr 9 2018

Five questions advisers should ask about GDPR

  • Understand what a GDPR ready advice firm will look like.
  • Learn how to handle data stored on paper and the type of software which will make a firm compliant with GDPR.
  • Comprehend the fines the ICO can hand out for data breaches.
CPD: Approx. 30 min

The 25 May deadline for GDPR is now less than two months away, and yet the headlines are that a significant number of businesses are still unprepared for the new legislation, and some are even unaware of its significance.

According to a government survey, only 38 per cent of businesses know about GDPR and only over a quarter of those businesses have got to grips with what GDPR means for them and are making the changes it requires.

GDPR carries heavy fines for a breach, and even small financial advisers and advice firms that have not addressed it will be no exception; they need to prepare now. GDPR will, one way or another, have a significant impact on the sector and fundamentally change the way advisers and advice firms handle, process and store data.

While there are significant activities for advisory firms to consider in the lead-up to the May deadline and beyond, firms should also look at the significant benefits the regulation brings with it.

Ensuring GDPR standards are met will help reduce the risks of data breaches and large fines, but more widely it will improve customer perception and loyalty if you have well-implemented processes in place for handling and processing personal data.

The Facebook scandal hitting the headlines resonates with customers.

You may receive only a small fine or a warning, but in an industry based on trust, advisers may have more to fear from the dent in their reputation than the actual penalties.

1. What does 'GDPR ready' look like for an adviser?

If we take the TalkTalk data breach case as an example, implementing the “most basic” cybersecurity measures is a good starting point.

These include ensuring that all security updates released by software suppliers and/or any known security patches are applied and that the systems and software are constantly assessed and scanned for vulnerabilities. 

The technology basics are important but implementing clear policies and robust procedures is equally crucial, and they really should be in place by 25 May.

The type of data held, its origins, who it is being shared with and what it is being used for should be registered and then reviewed rigorously to see where it is at risk. All members of staff should be suitably trained and must understand the significance of data protection and know how to handle data responsibly.

GDPR is not owned by just one department; it is everyone’s responsibility. Therefore, establishing a culture of openness at work can help to swiftly identify any potential data or security breaches.
