With the deadline for the General Data Protection Regulation now just six months away, we still have the ICO finalising guidance whilst the Data Protection Bill is still making its way through Parliament. Not to mention the new Privacy Regulation which is supposed to be implemented at the same time, yet it’s still being agreed by the European Council and Parliament. So is this going to be catastrophic for firms, or is there an element of scaremongering here?
If firms are already compliant with the Data Protection Act, the updates to processes and documentation will be easier to implement. Knowing where your data is held, how it is held (security being the main concern) and by whom are key starting points. If you don’t use customer data for marketing, then again this will narrow down your to-do list.
One focus should be the data relationship with lenders. We need to agree a consensus with lenders to ensure that everyone understands their responsibilities. For example if a broker is collecting data on behalf of the lender in order for it to assess affordability, should it be the broker’s responsibility to keep payslips for two years after the offer has been issued? For what purpose would the broker want to keep this? It should not be needed for any complaint against the broker, so given that the lender should have seen these on application there would be no need for the broker to retain these.
Despite some of the unknowns at this stage, there are some areas which the industry should start to think about now. We hope that regulatory engagement will facilitate this.
Aileen Lees
Senior Policy Adviser