Nucleus, the adviser-built wrap platform, has teamed up with Zero Support Managing Partner Phil Young to launch a white paper on the General Data Protection Regulation (GDPR) specifically aimed at financial advisers.
The white paper provides advisers with information and practical action points on getting their businesses compliant with the new regulation ahead of its introduction on 25th May 2018.
While the aftershocks of MiFID II are still being felt, Nucleus notes that many advisers will already be compliant with the Data Protection Act and should see GDPR as a natural extension of these rules for the digital age. The guide also says that GDPR offers advisers the chance to consider all aspects of their businesses and how different functions, from data security to business planning, interact and integrate with one another.
To help with compliance, Nucleus has provided advisers with a basic action plan that covers the following areas of the regulation:
- Accountability and governance
- Mapping data and processes
- Establishing the legal basis
- Conducting a Privacy Impact Assessment
- Supply chain management
- Securing your data – physical and digital
- Revisiting consent and privacy disclosures
- B2C direct marketing
In its recent Census, in which Nucleus surveyed 200 adviser firms that use the platform, 47% of respondents said they have an ‘average’ understanding of their GDPR requirements, suggesting they haven’t all quite figured out what the implications of these changes are.
Barry Neilson, Chief Customer Officer at Nucleus, said: “We are delighted to once again be partnering with Phil Young to provide this guide to the GDPR for advisers. This comprehensive white paper aims to help advisers make sense of the requirements and how they apply to their business and we hope they find it useful in their GDPR journey.
“GDPR might appear like a daunting piece of regulation, but advisers also need to remember it is a very important one and they simply cannot ignore it. The aim of the new rules is to ensure people have control of their data and how it is used. This gives advisers and business owners a great opportunity to gain a better understanding and deeper insight into how their business works, and whether their processes are as efficient as they could be.
“2018 has already seen a huge amount of regulatory upheaval with MiFID II and PRIIPS coming into force in January. Advisers need to consider how they are meeting their responsibilities around data protection and shouldn’t underestimate the work involved, especially as the fines for non-compliance can be large. Advisers must also remember that this is not a ‘one and done’ exercise, but an ongoing piece of work to make sure data processes are appropriate.”
Phil Young, author of the paper, and Managing Partner of Zero Support, added: “The bad publicity surrounding Facebook and data breaches by the likes of Equifax brings the backdrop to the GDPR into sharp relief. The public will never be more aware of the risks posed by businesses holding personal information.
“Advisers are more than used to managing new regulation, and with the dust yet to settle on MiFID II, it’s time to take a deep breath and get stuck into the GDPR. It’s worth remembering the new rules are designed to give us all a bit more control over our data so advisers should benefit from this as well as their clients. At heart, the GDPR means understanding and explaining what data you have, what you do with it, and how you look after it.
“I wrote the guide specifically with financial planners in mind, and added some examples based on my own experience with advice firms. It includes a lot of practical help on the changes you need to make.”