How GDPR Will Affect How the Financial Industry Does Business
5 ways in which the new data protection regulation (GDPR) will affect how financial firms like yours do business – How confident are you that you will know all 5?
Unless you have been in hiding, you will know that there is a new data protection regulation coming into place from 25 May 2018. Tell me something new, I hear you say?
Fingers crossed you already know the ‘5 ways accountancy firms could be affected by GDPR’ that I outline below; if not, I will be pleased to have shared them with you, because from my perspective the information out there about GDPR is not always clear or industry-specific.
Here are 5 changes that will affect how you do business post-GDPR:
1. With the regulations varying depending on whether you are in the business-to-business (B2B) or business-to-consumer (B2C) market place, you may need to apply different rules to different departments or individual employees, e.g. those dealing with business accounts compared to personal accounts.
When reading guidance, check which market place it applies to, so you can be sure it is appropriate and therefore that you are compliant.
2. When operating directly with individual clients you will need agreement from each of them (past and present), and from prospective clients, that you can communicate with them after GDPR, and which medium(s) they are happy to receive communications through.
Plus, you need them to opt in, not out.
You still have time to nurture your lists, just!
3. If you use third-party companies, for example to do payroll, or even online IT systems including Customer Relationship Management (CRM) tools, you need to be sure that they are also GDPR compliant. It is your responsibility as the owner of the data.
4. Non-compliance: if you do receive a complaint from contacting someone who didn’t agree for you to hold their personal data, or personal data is leaked, etc., then your business could be fined 2% of your annual turnover or a €10 million fine. For a second breach the highest fine could be 4% of annual turnover or a €20 million fine, eek.
Internal training and regular compliance monitoring are imperative.
5. You need to track how you populate data, including where it was sourced, how permission to use it was granted, why you are collecting the data, and how and when it is used.
Do you have a way of tracking and auditing your collected data? This is something you will have to provide if you are investigated.
6. Here is an extra tip, as 5 didn’t seem enough: it is near impossible to become GDPR compliant on your own. Instead, you will need an additional certification such as Cyber Essentials to support your compliance. If you haven’t started the relevant certification(s) already, there is still time, but only if you start now.
How many did you already know? With 25 May just around the corner, I hope you got 5/5.
If GDPR is something you have been putting on the back burner, then now is the time to make it a priority, just saying.
Do get in touch if you need any help.
About us: We (Yellowspring) are an IT Services business helping leading property businesses in Essex and London; so you can be sure we know the issues your business faces on a day-to-day basis and can share lots of useful and directly relevant guidance with you.