The General Data Protection Regulations become law on 25th May 2018. We will be conducting a programme of ‘rolling audits’ with our client firms which we expect will bring everyone to ‘GDPR compliant’ status by the end of March. It is not in fact a major exercise. There is little that is new, most of it is making into requirements what had previously been simply good practise. There is an issue though which has been causing us concern from the time that the new legislation was announced. One of the rights which firms’ clients will have is the right of ‘erasure’, which means that an individual can demand the deletion of personal data relating to them.
There are concerns that this could lead to financial advisers being forced to delete information at the request of their clients (likely prompted by ‘ambulance chasers’) and then be faced with complaints that they are unable to defend. It looks as though there could be light at the end of this particular tunnel. A spokesman for the ‘Information Commissioners Office’ (ICO), which is responsible for overseeing the implementation of GDPR in the UK said “The right to erasure is not an absolute right, and it does not apply where retention of the data is necessary to meet a financial adviser’s legal obligations or for defending claims. We will be providing detailed guidance on the rights individuals have under GDPR in due course.” This statement looks as if it comes in the ‘Whoops, hadn’t thought of that!’ category, but it is welcome nevertheless.
The above is the lead article in our latest monthly News Notes – September 2017. Other topics in this edition include:
- Recording Telephone Conversations
- Pension Muddle
- Pension Deflation
- Mortgaged to Death
- MiFID II Implementation
Haven Risk Management : FCA Compliance Consultants