Nucleus and Zero Support managing partner Phil Young have partnered up to launch a white paper on the General Data Protection Regulation (GDPR) specifically targeted at financial advisers.
The white paper will provide financial advisory firms with guidance, information and practical points on getting their business compliant with the new regulation ahead of its introduction on 25 May 2018.
Many firms are still experiencing the aftershock of MiFID II and, while Nucleus acknowledges that that many firms will be compliant with the Data Protection Act, they should “see GDPR as a natural extension of these rules for the digital age”.
To assist firms with their compliance, Nucleus has provided advisers with a “basic plan” that covers; accountability and governance, mapping data and processes, establishing the legal basis, conducting a privacy impact assessment, supply chain management, data security, revisiting consent and B2C direct marketing.
Nucleus recently surveyed 200 advisory firms that use their platform, and found that just 47% of respondents had an “average” understanding of the GDPR requirements.
Nucleus chief customer officer Barry Neilson commented: “GDPR might appear like a daunting piece of regulation, but advisers also need to remember it is a very important one and they simply cannot ignore it. The aim of the new rules is to ensure people have control of their data and how it is used. This gives advisers and business owners a great opportunity to gain a better understanding and deeper insight into how their business works, and whether their processes are as efficient as they could be.
“2018 has already seen a huge amount of regulatory upheaval with MiFID II and PRIIPS coming into force in January. Advisers need to consider how they are meeting their responsibilities around data protection and shouldn’t underestimate the work involved, especially as the fines for non-compliance can be large. Advisers must also remember that this is not a ‘one and done’ exercise, but an ongoing piece of work to make sure data processes are appropriate.”
Young further added: “Advisers are more than used to managing new regulation, and with the dust yet to settle on MiFID II, it’s time to take a deep breath and get stuck into the GDPR. It’s worth remembering the new rules are designed to give us all a bit more control over our data so advisers should benefit from this as well as their clients. At heart, the GDPR means understanding and explaining what data you have, what you do with it, and how you look after it.”
Subscribe to our newsletter to receive breaking news by email.