Brokers are being urged to take action now to ensure they are compliant with new data protection rules that come into force in May.
These EU-wide General Data Protection Regulations come into force on 25 May and will give customers full control over how their data is used.
The regulations apply to any company that possesses personal data of EU citizens.
Speaking at a recent industry event, Intelliflo chief operating officer – and chair of the GDPR Working Group – Rob Walton outlined the key areas advisers need to address in order to meet these new regulations.
He says: “The biggest thing you can get caught out on is privacy notices.”
He says advisers must ensure they issue privacy notices to all clients whose data they hold.
These must provide information on the personal data the company collects, how it is stored and used and who it is shared with.
Crucially, these notices should be clear, concise and accessible. If they are laden with legal jargon, brokers could find they are failing to comply with the new regulations.
Walton adds: “All actively serviced clients must receive a privacy notice by the deadline date.”
He added that to further protect an adviser’s business, a privacy notice should also be published on the company’s web page as soon as possible.
The penalties for companies that fail to comply with these new regulations are steep. Those that fail to meet these new GDPR obligations risk a fine of up to €20m or 4 per cent of the company’s revenue.
Walton warned that, in addition, breaches become public record, which could damage the reputation of a business.
He warned that there are many “innocuous” ways in which advisers may breach these new rules. “For example, plenty of advisers will snap a photo of a client’s passport for identity checks on their personal phone, and that photo is then uploaded to the cloud – and suddenly you are breaching the rules for not storing personal information securely.”
He urged brokers to make use of secure portals and the online resources available to help ensure they meet their GDPR obligations.
For brokers, one of the key issues will be having clear evidence of how customer data has been handled, whether it is hard copy or in electronic form.
Walton added: “The silver lining is that knowledge is increasing of data protection – many clients may well face the same regulations as you. Fundamentally, being GDPR compliant will make your business better.”
Coreco director Andrew Montlake says it’s important for brokers to get to grips with these new regulations so they can be fully compliant in May. He says resources are available for those that need additional help.
“It is really important for brokers to make sure they understand the rules and have a proper process in place for how they store data and market to their clients. The Association of Mortgage Intermediaries have provided some excellent guides on GDPR for members.
“Brokers need to ensure that the data they are holding is relevant, and most importantly make sure they have proper controls in place and backup systems to cope with potential hacks to their systems.”
London & Country’s associate director David Hollingworth says: “Data is an important issue for customers and they will expect advisers to be up to speed about these new regulations.”
He adds: “Key issues will be the consent from customers when marketing to them and how that is obtained, with the focus on customers electing to opt in. Customers will also gain rights to see the data held on them, for that data to be portable and gain the right to be forgotten.
“Brokers will therefore need to think about how they will deal with those requests, as well as meeting the need for the formal policies such as data protection and security policies.”