On the 25th May 2018, the new General Data Protection Regulation came into effect through EU law. Despite the UK’s commitment to Brexit, any changes that come into effect with GDPR will remain in place and, quite possibly, be broadened in coming years.
For now, what this means is that businesses, importantly the financial professionals responsible for storing data, need to fully understand the upcoming changes and implement them as soon as possible.
Broadly speaking, this new legislation will act as a means to greatly strengthen the security of consumer data and bring the law up to date with the quickly advancing digital age. For those acting in a financial position, in any industry, it’s vital that you get to grips with the following changes.
1. Greater control is being given back to the consumers
The main purpose of GDPR is to give individuals as much control over their personal data as possible. As such, new legislation not only allows people to access data and move it, it also gives them control to erase it. What is classified as personal data has also been expanded to include internet cookies, DNA and IP addresses. Being able to move data when needed allows easier capabilities to switch service providers. If necessary, individuals will be able to utilise the “right to be forgotten”, whereby online data must be erased by businesses when requested.
2. Increase awareness and transparency in data collection
Many consumers are still unaware of exactly what constitutes their personal data, and when or not it is being collected. One step to improve this transparency is the removal of pre-selected tick boxes or default opt-out options on sign up forms. The idea is that these boxes can be misleading or are often ignored, meaning businesses should not presume to collect data from the outset.
3. Greater business accountability
It is being made perfectly clear that businesses should view privacy of customer data as of the utmost importance. Impact assessments will be required to ensure businesses are fully aware of the risks they face and how to deal with potential attacks. If there is a breach of security, it is vital that the Information Commissioner’s Office (ICO) is contacted within 72 hours and, if it’s a high-risk attack, customers must also be notified.
4. Greater monitoring controls
The power of the ICO has been extended to allow them greater ease in carrying out investigations and imposing relevant sanctions. The maximum fine they can issue is being increased from £500,000 to £17 million (or 4% of global turnover). There will also be an increase in the variety of offences that can warrant punishment, such as not properly anonymising data.
It is important that you understand the impact of GDPR for financial professionals, and that you ensure your company is acting within the law with regards to client data. When working for an organisation of any size, it’s natural for there to be data spread out across a number of different departments. Bringing your business up to speed with GDPR means knowing what data needs protecting and knowing how to properly do so. Luckily, we offer data solutions that would help to offset much of this difficulty, by bringing this data together and making it far easier to comply with new regulations. To find out more, get in contact today.