Time is running out for financial sector firms to achieve compliance. GDPR is the law.

With only four months to go, financial services firms are running out of time to prepare for the EU General Data Protection Regulation (GDPR). The Regulation applies from 25 May 2018.

Your organisation must not ignore GDPR. Failure to comply could result not only in significant fines (up to EUR 20 million or 4% of worldwide annual turnover, whichever is higher), but also in reputational damage or even an order from a supervisory authority restricting or banning your processing of personal data. You could also be subject to an external audit to confirm that your organisation has the necessary internal compliance procedures in place.

Successful compliance will require you to consider many issues.
  • Are your consents up to date and GDPR-compliant, for example with an explicit opt-in where one is required? Are you recording each consent obtained so that you can demonstrate it later?
  • Are you fully aware of what personal information you hold and where within your organisation this information is maintained and managed?
  • What is your organisation's policy for responding to a data breach? Will it meet the new GDPR reporting deadline of 72 hours from becoming aware of a breach for notifying the supervisory authority? Is everyone throughout the organisation aware of the breach policy?
  • Is your organisation required to appoint a data protection officer? If not, have you designated responsibility for data protection to a named individual within the organisation?
  • Have you decided how you will communicate your privacy practices to external stakeholders? Has your privacy policy been reviewed to ensure it will be compliant under GDPR?
If you are unsure about the answers to the above questions, please contact Christopher Beveridge. We would welcome the opportunity to meet and tell you how we can help you successfully prepare for GDPR.