
Planning for GDPR in Wealth Management: How Ready Are You?

 

The clock is ticking towards the GDPR deadline a year away. There’s now a real sense of urgency amongst affected organisations: you need to make sure you’re ready if you employ 250+, process 5,000+ client records a year and operate in the EU or have EU-based customers.

If you have a well-established Wealth Management CRM system in place, auditing your processes and data and documenting them for compliance is an important but achievable piece of work for your Data Protection Officer (DPO), whom you must appoint, if you haven’t already.

If your CRM system is not being used consistently or if there are pockets of data held individually or within other teams or functions in your Wealth Management firm, the challenge is greater. If client needs and the success of your business mean you have outgrown your current system, now could be a good time to invest in a new solution that gives you headroom as well as helping you meet GDPR requirements.

Here’s our checklist of key initial questions to answer, to move you towards compliance:

  • Have you appointed a DPO?
  • Have you a comprehensive and complete overview of all the client data you hold and its location?
  • Have you checked which elements of your client data are specifically covered by GDPR?
  • Do your current systems allow you to offer selective access to data, restricting information to those who need to know?
  • Do you have effective processes to confirm that clients have agreed to allow you to store their data?
  • Do your current systems provide a daily report to check and demonstrate data security?
  • Are all your staff aware of your firm’s GDPR obligations and committed to complying in their individual use of client data?
  • Can you readily respond to client data requests under GDPR, meeting the obligation to keep them informed, give access to records, allow rectification, erasure and objections, to move data or restrict its processing and to influence automated decision making and profiling?

Your Wealth Management firm relies on client insight in order to provide the best services. You’re already committed to maintaining client privacy, as part of your valued relationships. With GDPR, your data responsibilities become even more important and formalised.

If you’re not sure whether your current Wealth Management CRM system is fit to help you meet your GDPR obligations, talk to us. We can review your current solution and help you audit your existing data handling, then recommend how to achieve compliance, either with your existing solution or with investment in a different one.

Our recommendation? 

If you operate within the EU or hold data on its citizens, have a look at the legislation and identify any areas relevant to your organisation and its storage and handling of data. Decide if your databases and systems will stand up to scrutiny. Take legal advice if you need to. And take corrective action in advance, to avoid the risk of an EU lawsuit in the future.

For further information on how Xpedition can help you better manage your data, contact Ben Revill