Amidst growing concerns around the safety of personal data from identity theft, cyberattacks, hacking or unethical usage, the European Union has introduced new legislation to safeguard its citizens. The EU General Data Protection Regulation (GDPR) aims to standardise data privacy laws and mechanisms across industries, regardless of the nature or type of operations. Most importantly, GDPR aims to empower EU citizens by making them aware of the kind of data held by institutions and of their rights as individuals to protect their personal information. All organisations must ensure compliance by 25th May 2018.
Financial services firms usually require the collection of large amounts of customer data, which is then collated and used for various activities such as client or customer on-boarding, relationship management and accounting. During these processes, customer data is exposed to a large number of different people at different stages, which is where GDPR comes in.
What does the introduction of GDPR actually mean for financial institutions and which areas should they be focusing on?
Five key areas of the GDPR legislation that will impact the sector:
– Client consent
– Right to data erasure and right to be forgotten
– Consequences of a breach
– Vendor management
– Enhancing privacy
Given the wide reach of the GDPR legislation, there is no doubt that financial organisations need to re-model their existing systems or create newer systems with the concept of ‘Privacy by Design’ embedded into their operating ideologies. With the close proximity of the compliance deadline – May 2018 – firms must do this now.
Failing to do any of the following now: a) identify the points at which client data is accessed and captured, b) collaborate with clients to gain consent for justified usage of their personal data, or c) remediate data access and breach issues, will not only cause financial pain in the long run, but will also erode client confidence.
Our service includes:
– Level 1 – ICO Registration Only / Registering your company with the Information Commissioner’s Office. Failure to do so is a criminal offence. ALL companies need to be registered.
– Level 2 – ICO Registration Basic Preparation / As Level 1, plus: plan of action, templates of policies, templates of reporting procedures.
– Level 3 – ICO Registration Full Preparation / As Level 2, plus: policies tailored, record keeping and reporting procedures tailored, branding, follow-up action needed, staff training programme.
– Follow-up – Available for Level 3 only / A six-monthly check to monitor that all aspects of GDPR are in place and being met, and to address any changes required to remain GDPR compliant.
– ICO Registration Renewal / Renewing your registration annually.
Please get in touch today for an initial quote and start the process of becoming GDPR compliant.
Please note, if you become a member of the Excelsior Worldwide network as an individual Excelsior representative adviser then compliance will be provided to you at no cost.