Edit Content

Log in here for full access to all our great content

 

Please log in below with your username (which is your email address), using all lower-case letters.

 

Forgotten your password?
No problem, simply tell us you have forgotten your password to receive instructions instantly via email.

Having problems logging in?
If you are a current member but are unable to login, please first make sure you are using all lower-case letters for your username/email address. If you still have difficulties, please contact us via email at info@a-m-i.org.uk so we can rectify your problem.

Not a member?
Learn more about the benefits of becoming a member or apply online and we will be in touch.

Firms should be starting to review how they will comply with the EU General Data Protection Regulation (GDPR), which comes into force next year. While the new legislation is generally an extension of the existing data protection provisions, it adds explicit requirements and introduces new obligations, such as the accountability principle where firms will have to demonstrate how they comply.

One key change is the strengthening of individuals’ rights. Firms will need to seek explicit consent from an individual (e.g. not using a pre-ticked box) that should outline the specific activity for which their data will be processed. Firms will not be able to rely on consent given for one activity and use it for other purposes, so firms will need to decide how they will obtain consent for each processing activity. The declaration of consent has to use clear and plain language and not contain unfair terms. This move from firms providing long and complex terms and conditions to needing to effectively engage with consumers has already been encouraged by the FCA in their recent work on smarter communications. Individuals will also have a right to withdraw consent at any time and subject access requests will have to be provided free of charge.

The Information Commissioner’s Office continues to publish guidance on GDPR, however clarification is needed from the FCA on how it interacts with firms’ regulatory obligations such as disclosure, anti-money laundering and record keeping. Firms should however start to plan now for the changes they will have to make next year.

Aileen Lees
Senior Policy Adviser
April 2017