Compliance tip: Five steps to GDPR compliance

With the General Data Protection Regulation fast approaching, firms should be turning their attention to the necessary updates to policies, procedures and business practices required for ongoing compliance.

This five-step framework will help guide you through the transition.

  1. Identify your data: It is essential that firms have a clear understanding of the types of data they hold, where it is stored, who has access to it and how it is shared.
  2. Determine your legal basis for processing: There are six legal grounds for processing, but without a clear idea of which one is applicable to the firm’s specific processing activities, you cannot effectively audit the compliance of your current data and processes.
  3. Understand your data security controls: Data security is an integral part of GDPR compliance and of meeting FCA expectations, so firms need to review regularly whether their digital and physical data security is robust and fit for purpose.
  4. Implement the necessary changes: This stage will look different for every firm, depending on its processing activities, size and legal basis for processing, but having enough time and the right resources in place is essential to making the necessary changes in time.
  5. Conduct regular post-implementation reviews: The hard work does not end in May. Continual testing and monitoring are the only way to ensure ongoing compliance.

Lorraine Mouat is senior regulatory consultant at TCC
