Thirteen months and counting. In May 2018, new laws on data protection and privacy come into force, but the Information Commissioner’s Office warns the general data protection regulation (GDPR) still isn’t on the agendas of senior management at many organisations. For asset managers, struggling to protect their brand and preserve their bottom line in an industry where reputational damage and regulatory fines have been a consistent theme, that’s a potential disaster.
The window of opportunity for compliance with the GDPR is closing rapidly and the regulation is wide-ranging. The regulatory imperative of the GDPR creates some very specific issues for asset managers, and the cost of non-compliance will be very high, both in terms of the fines and penalties potentially due and the broader reputational damage.
The imperative is to move swiftly to solve the problems that lie ahead. Consider the following action points:
- Find out what data is held, where it is and who has access to it;
- Have a clear view of any additional risks posed by third-party access to data;
- Check to see that data is being used only in ways that customers have consented to;
- Audit the extent to which customer data is well protected;
- Consider how you use data across your business – and how you would like to;
- Build an organisational view of what data privacy means to the whole business;
- Embed data protection and privacy issues into overall business strategy;
- Evaluate systems and processes on whether they are agile enough to facilitate innovation;
- Be ready for further change as the regulatory environment evolves.