General Data Protection Regulations (GDPR)
Sarah Hamilton - May 14th, 2018
We are told that data is the new oil. There has been plenty of publicity recently about data breaches from Facebook/Cambridge Analytica, so it is perhaps timely that the new GDPR comes into force on 25th May 2018. GDPR will apply to all organisations in the E.U., including the U.K., regardless of the Brexit vote.
The regulations are designed to protect the usage, interaction and storage of personal data. On the positive side, the new consent rules should mean a reduction in unsolicited emails. “List Sellers” (who have previously sold on personal data such as telephone numbers and email contacts) should be deterred by GDPR. The Information Commissioner's Office (the ICO) is empowered to charge potentially hefty fines to those who don't act following previous breaches and to large companies that do not take the precautionary steps that could be expected of them.
The principles of GDPR are in fact nothing new to us at Richard Sexton & Co. At the heart of our professional practice is the confidentiality required in the way we handle the information we hold. We would never share data relating to our clients except when authorised to do so by the client and to perform our contractual obligations. We endeavour to record what we do carefully, to be accountable, and to build and maintain trust and confidence that the clients' data we hold is only used in the interests of the client. As you may have noticed, we are now using open space as a secure collaborative document portal. This can be accessed by us and by clients. Clients can download documents and, if necessary, sign them and send them back via the portal. The files are encrypted, as are user passwords. Portals are important because using email as the primary means of sharing financial information is no longer compliant with GDPR.
We are reviewing and refreshing our existing archiving policy. Redundant data will be securely destroyed.
Any breaches of security would need to be reported to the ICO swiftly; we do our utmost to avoid careless breaches through training and appropriate procedures. We take our cyber security very seriously and hope that with the help of our IT experts, we are protected against malicious breaches.
We are refreshing the content of our Letters of Engagement to refer to the requirements of GDPR.
The new regulations are quite detailed and can be confusing, and there is some scaremongering going on about them. We agree it is very important to be compliant and to be respectful of data security, but by acting lawfully, fairly and with transparency, with the key values of integrity and confidentiality at all times, we do not consider there is any need for panic.