EU rule could cause trouble for IFAs
Nonetheless, while we may not share the same sunny weather as some of our European neighbours, something is approaching that we do have in common; the General Data Protection Regulation (GDPR).
Despite our imminent departure from the EU, every UK business will still need to adhere to the GDPR and ensure their processes surrounding data are in place for May 2018. In theory, the principles and aims of the GDPR will be beneficial for all. However, there is one area of the GDPR that carries potentially huge issues for advisers.
Under GDPR, individuals can request that a company holding their data deletes that information, along with any records on past interactions. On the face of it, it is a reasonable rule.
However, if an adviser is required to delete data upon request, it could leave that firm vulnerable if the client (urged on by an ambulance chaser) later lodges a complaint.
Under GDPR, individuals can request that a company holding their data deletes that information, along with any records on past interactions
One of the most frustrating situations for any adviser, particularly an appointed representative in a big network, is for a speculative complaint to come in and be upheld because the network is not able to provide sufficient information to enable the adviser to defend themself.
The Information Commissioner’s Office, which is responsible for GDPR compliance in the UK, has provided the caveat that if there is a "lawful basis" for a firm holding client data to not adhere to requests to delete records, it must document the reason and update its privacy notice accordingly.
However, I believe we need much greater clarity. While the FCA is not required to produce guidance on GDPR, I would urge the regulator to issue specific information on how advisers can meet these EU requirements without being vulnerable to future complaints.
Similarly, the ombudsman, should publish what it considers reasonable, as it makes the final decision on disputed complaint cases. Without clarity from Fos and the FCA, GDPR will create a potential time bomb for all advisers.
It would be shameful for advisers to have taken care to apply sun cream throughout the summer, only to get burnt by a lack of clarity about how to ensure they can safely adhere to this important European regulation in the future.
Ken Davy is chairman of SimplyBiz