Home Boost Business Lancashire logo

GDPR countdown: How do financial services strike the balance?

GDPR 30 weeks web

As part of HM Network’s regular series of GDPR countdown blogs, Director Martin McAleer explores the effect of the regulation updates on financial services companies.

Financial Service companies will be experiencing a double bout of regulation updates with Markets in Financial Instruments Directive II (MiFID II) coming into force in January 2018 and GDPR in May 2018. This makes a heady cocktail for any company to get right. While GDPR covers privacy, data retention and data security with a broad brush, it will be coupled with the MiFID’s requirements that all communications that could lead to a transaction should be recorded and stored in a secure way.

This includes conversations over a personal mobile phone and face-to-face meetings. MiFID II requires all conversations that could lead to a transaction to be recorded. So, while MiFID II will provide duty of care to record all conversations and correspondence in the interests of client advice and transparency, it will need to be balanced against GDPR’s focus on preventing potential intrusions into a client’s privacy. This brings in a potential conflict. MiFID II will require financial services companies to gather and retain more data about customer transactions than ever before, at the same time they need to take extra precautions around protecting their customers’ data. Most companies when GDPR comes into force will probably limit the amount of data they collect, rather than gather more. Unfortunately, financial services need to comply with both sets of regulations and it is their responsibility to know where the lines are drawn.

The line between GDPR and MiFID II is a still a little murky, For instance MiFID states that any recording should be stored for five years, GDPR is more ambiguous and simply states that personal data shouldn’t be kept for any longer than needed. The question could be, “Is five years too long for a simple telephone conversation that didn’t lead to a transaction, but it might have done?” When in doubt it is usually best to air on the side of caution and seek expert, professional advice to secure the business’s future. It is also good advice to make sure all relevant staff are fully aware of the responsibilities and obligations, backed up with regular training.

After all the most common reason for non compliance is human error. Putting in place systems that allow you to automate the collection, retention, minimisation and storage of data as much as possible is favoured, in our opinion. Separating work and personal equipment, phones, laptops/tablets for example, makes it easier to manage and comply with the regulations and automate as much as possible, while keeping any data that needs to be retained, as secure as possible.

There has been a lot of talk about the size of the new potential fines, especially under GDPR. However, the bigger issue for small and medium sized companies will be the damage to reputation and industry respect that will come with not being compliant.

For instance the big corporations that we all deal with, will almost certainly view smaller firms as a higher risk if they’re unable to demonstrate control over data processing and compliance with both MiFID II and GDPR. This means that smaller companies could find themselves out in the cold due to inaction. So, make a start now if you haven’t already, and if you need help and assistance please ask. Here are some resources to give you a start on GDPR and we also run free GDPRExpress sessions once a month around the North West. So there really is no excuse for inaction. GDPRexpress ICO Checklist The Practical Implications of MiFID II 

For news of our free upcoming GDPR awareness sessions and our “Social” events please see our eventbrite page https://www.hm-network.com/events/ If would like a further information on any of the areas discussed in this blog post or you want us to put you in touch with specialists who can provide training you can email us or call on 03333 444 190.

Share

You may also like...

Five key pointers for marketing your retail product Marketing your retail product
31st October 2024
 | 
Inspiration & Spotlight
Five key pointers for marketing your retail product
Business consultant Suzi Wynne, a specialist in retail business, outlines her five key pointers to help get your product seen.
Choosing the right structure for your business Choosing the right structure for your business
24th October 2024
 | 
Inspiration & Spotlight
Choosing the right structure for your business
Boost business adviser, Lateef Badat, who is part of the Boost Flying Start team, explores some of the most common structures, along with their advantages and challenges, to help you make an informed decision.

Sign up to our newsletter

For insights and events to help your business thrive.

In completing this form, you understand that Lancashire County Council (Boost) has a requirement to process your personal data. Lancashire County Council will only ever process your personal data where it has a clear lawful basis for doing so in full compliance with data protection legislation - UK GDPR and The Data Protection Act (2018). We will ensure the security and confidentiality of your personal data at all times. For full details of how Lancashire County Council handles your personal data please see our privacy notice here . Some information relating to this public funded project may be declared to third parties under the Freedom of Information Act 2000.
Funded by local govmt
Department for Trade and Business
Northern Powerhouse
Lancashire County Council

The website uses cookies.

Some are used for statistical purposes and others are set up by third party services. By clicking 'Accept all & close', you accept the use of cookies. For more information on how we use and manage cookies, please read our Cookie Policy.