GDPR will be enforceable regulation in May 2018. For individuals, the regulation looks to protect our personal data from misuse in a technical world far removed from the previous legislation written in the 1990s. For a compliant business, this will provide customers with a greater degree of confidence and trust.
For Financial Service companies in the islands, GDPR should just be an extension of the Data Protection Act (DPA) processes already in place to protect Personally Identifiable Information (PII).
The island regulators are in the process of updating our existing DPA to ensure we keep our status as having adequate regulations in place. A business with customers who are EU citizens or resident in the EU (e.g. a US citizen living in the EU) should be looking to follow the GDPR regulations coming into force in May 2018.
If you are responsible for your organisation's compliance, starting from scratch or from the point of the existing legislation in place in the islands, it is essential to gain at least a high level understanding of the GDPR, its scope and its requirements. A crucial starting point is to understand the key concepts and principles.
b) Senior management “buy-in”?
If you don’t support and adequately resource your compliance program at the organisation's highest level of management you will struggle to make it a success.
c) Identifying your data?
Organisations must be able to identify the personal information they hold about employees, customers and suppliers. How is it used? How is it stored?
d) On the road to compliance?
To use an individual's PII you are required to obtain consent, and for many Financial Services companies the legal basis for this will start with the contract. There is a lot more to the regulation that organisations must look at, such as data minimisation, storage limitation, internal governance, Privacy Notices and ensuring that any use of data is in accordance with an individual's rights.
If your business is not on the road to compliance already, it now has less than a year and time is of the essence. If you need assistance with any of the steps to becoming compliant and want to discuss this, or any of the above, then please do not hesitate to contact us.
Additionally, the following training courses with materials can be organised at your office or alternatively offsite.
Introduction to GDPR - Overview of the regulation covering key elements such as background, structure, principles, key roles, data subjects and their rights
Key steps towards compliance for your business - Where do you start? Putting into place a plan to become compliant and steps to maintaining compliance
Your staff play a key role in ensuring PII stays private. If a client challenges a member of staff about the use of their data, how would they react? What would they tell the client? If client data is lost or stolen, what steps will be put in place to manage this?