News

GDPR - looking ahead to implementation

26th February 2018

The General Data Protection Regulation (GDPR) has found its place at the top of business’ agendas in recent years. Since the changes to the regulations were finalised in 2016, businesses across the EU have been re-evaluating their practices in response to the tougher rules and penalties.

What is it?

First coming into play in 1995, the original Data Protection Act was designed to keep user data safe and secure as the digital scene evolved daily. Whilst technology and the use of computers has continued to grow at an unprecedented rate since then, the rules regarding customer data haven’t changed and this has left people out of control and in the dark. The revised GDPR, which comes into effect on 25^th May 2018, is designed to increase transparency between businesses and customers and allow people to take back control of their own data. Whilst this is a step towards better business-consumer relationships – a positive situation for both parties – the strict new regulations are striking fear into many business owners, who don’t know where to start when it comes to gathering, storing and using data in compliance with the new laws.

The numbers

The numbers causing the most concern amongst business leaders are the penalties; businesses could be charged up to €20million or 4% of their annual turnover (whichever is greater) for any breaches of the new laws.

In the UK, three-quarters of businesses have transformed their operations and are ready for the change. A further two-thirds of UK businesses are optimistic that the new regulation will improve overall security and one-third are taking the opportunity to hire new talent.

For customers, the numbers tell a positive story too. A 2015 study by Digital Catapult found that 65% of consumers were unsure about how their data was being used and by whom, whilst 79% felt that their data was only being held for an organisation’s financial gain. The GDPR should change all this, restoring the trust and respect between businesses and their customers.

What it means for the financial sector

The financial sector is already a heavily regulated industry and many of the rules set out in the GDPR may already sit within business’ current processes. Indeed, under the new GDPR, organisations holding data will need to ensure this is secure and confidential, something that is already an obligation for finance professionals.

The big change for the sector is likely to be the necessity of providing documentary evidence of compliance. This will include anything that indicates clients’ active consent, any changes made to data or lists and evidence of guidelines on how the company plan to use the data they gather.

Individuals will have the right to access all their personal data, for free, and the right to be “forgotten”, meaning that they can ask businesses to permanently delete all their data.

Public authorities and organisations that undertake large scale processing of personal data will be required to appoint a Data Protection Officer, who will be responsible for overseeing GDPR compliance.

Looking ahead

Whilst it may seem complicated, navigating the new GDPR should not cause panic amongst businesses and those that have borne the upcoming implementation in mind should be well prepared. The important thing that businesses must remember is that the new GDPR is designed to improve relationships and will be beneficial for both business and customers.

With a wealth of experience in the financial industry, we keep abreast of any upcoming changes to make sure we offer our clients and candidates the right advice. If you'd like to find out more about how we can help you, please contact Nigel Jeyes on 01273 229499 or email nigel@graftonbanks.co.uk for an in-depth, confidential consultation.

Should you wish to contact us out of hours, please call 07714 765482.