What GDPR means for Wealth Management firms

It’s time to take action on GDPR (General Data Protection Regulation).

May 25th 2018 is a date you really need to know. It’s only a year away, and now is the time to start planning so that you will be compliant with this major piece of EU regulation on Data Protection when it comes into force on that day.

GDPR legislation could have implications for your Wealth Management firm, particularly if you work in the EU, have EU customers or hold data on EU citizens. It will therefore still apply to UK organisations operating in Europe, even under Brexit, so you need to start preparing the ground.

What you know about your clients is key to the individual and custom-fitted wealth management services you offer. You record profile information about them and their lifestyles in order to make the best choices for them. So the data you hold will fall under the GDPR categories of economic, social, cultural and mental information.

Firms affected by GDPR need to appoint a Data Protection Officer (DPO). The DPO will be responsible for checking that you have consent from clients to store their data and that it is being stored and handled in a secure and compliant manner.

If you already have a Wealth Management CRM solution, you have a head start, because customer data will be controlled and managed in clearly identifiable repositories. But you’ll need to make sure that all your data is held exclusively in that system. If there are other spreadsheets or function-specific systems that individual users or teams have set up, perhaps unnoticed, you need to unearth them and apply the rules in every data storage instance.

In light of this, it’s a good moment to remind everyone in your business about the importance of sharing one version of client information in a single repository, securely accessible by those who need to know about it in order to plan and execute client services.

Traceability is very important: your DPO will be responsible for reporting any data breaches within 72 hours. You need to know if security is compromised or if any information has been exposed accidentally. Being able to track when data is accessed and by whom is an invaluable feature of a CRM solution.

Wealth management firms already operate in a highly regulated environment. GDPR must be taken at least as seriously as any other piece of financial services regulation. And the consequences of falling foul of GDPR are stiff. Fines of up to €20,000,000 or 4% of total annual global turnover could apply for serious infringements. Individuals could also bring private claims against data controllers.

If you’d like to talk through the implications of GDPR for your organisation’s customer data handling within your existing processes and systems, I’d be glad to set up a discussion with one of our CRM data specialists.

Contact me today.