The Financial Conduct Authority (FCA) and the Information Commissioners Office (ICO) have published an update on the EU General Data Protection Regulation (GDPR). The GDPR will come into force on 25 May 2018. Like all firms that handle personal information, financial services firms must consider how the GDPR will apply to them, and ensure that they are ready to comply with the regulations from May.
The FCA had said that some firms had queried on the ability to comply with both GDPR and regulatory requirements: compliance with some of the FCA’s rules, in fact, requires financial services firms to process personal data. On the other end, compliance with the GDPR is seen as a senior management responsibility, which clearly intersects the responsibilities embedded in the Senior Managers Regime. Also, the requirement to treat customers fairly (TCF) is also fundamental in both FCA and ICO’s objectives.
It will be interesting to see how the GDPR will interact with the Financial Ombudsman Service in relation to the individual “right to be forgotten” and the ability for firms to defend themselves against a complaint.
The FCA and ICO are working closely together in preparation for the GDPR and this follows an existing cooperation. In 2014, the FCA and the ICO signed a Memorandum of Understanding to lay out their formal relationship and coordinate their activities. Important points for regulated firms to remember are that:
Both the FCA and the Commissioner will alert each other to any potential breaches of legislation applicable to the other regulator that it discovers whilst undertaking its duties, and provide relevant supporting information. Furthermore, the FCA and the Commissioner will exchange information on relevant issues of interest to the extent permitted by law, and as appropriate and relevant to their respective objectives.
There are still ongoing discussions to clarify requirements within the wider regulatory landscape and it is critical for firms to keep an eye on that space.
To ensure you reach a fully compliant position in time for May 25th, please do not hesitate to contact one of our consultants.