All businesses handling personal data are reviewing their procedures as the new data protection law comes into force in May 2018, and the financial services sector is certainly no exception. The penalties are considerable – potentially 4% of annual turnover for mishandling information.
Firstly, every firm must have a GDPR Data Protection Officer. This person must understand the law and how data flows through your organisation, and takes responsibility for ensuring that the workforce is aware of and adheres to the firm’s policies. In brief, those policies require that, in order to hold personal data, the firm must have proof of consent or a legitimate interest. The predecessor to this law is the Data Protection Act.
Aldrich and Co’s top tips for GDPR preparation
- Appoint a Data Protection Officer to manage, monitor and control GDPR
- Create a comprehensive chart of the flow of data
- Inform all employees on how the law impacts your business
- Cleanse data that does not need to be stored
- Have a breach reporting procedure in place in case a breach does occur (a breach must be reported within 72 hours of becoming aware of it)
- Consider cyber security insurance