Consent is a hugely important moral and legal value. This comes into particular focus when it comes to our personal data, such as our name, age, preferences, and especially our finances.
Indeed, who has the right to know and hold onto this kind of information about us, and under which circumstances?
What counts as us “giving consent” to a business or organisation, so they can legally and legitimately hold this kind of information about us? What protections are in place to keep our data safe once we have consented to handing it over to someone else?
As financial advisers, we take these kinds of questions especially seriously. After all, we help clients in a very personal, intricate and important part of their lives: planning and optimising their financial affairs. As a result, we have been closely following and preparing for the new European data protection regulation coming into force towards the end of May: the “GDPR”. This is set to be one of the biggest shake-ups in recent years regarding data protection.
In this article, we’re going to briefly outline what the GDPR is, and how it affects your personal data – particularly with regard to your relationship with a financial adviser.
What Is The GDPR?
The GDPR is short for “General Data Protection Regulation”, and refers to a new European regulation set to come into force on the 25th May 2018.
In brief, the GDPR will set a new, higher standard for businesses and organisations who hold the personal information of EU citizens. Your “personal data” includes data such as your name, email address, physical home address, IP address, phone number and medical information – essentially, anything that might be used to identify you.
As of 25th May 2018, the new rules will be binding upon the UK and applicable to its citizens – replacing the Data Protection Act 1998, and enforceable even in light of the Brexit vote.
The GDPR is important to financial advisers and their clients because of what it calls data “controllers” and “processors”. A business which states why and how your data is used falls into the former category (e.g. Google). A business in the latter category actually processes your data.
A processor, for instance, might move your email address to an Excel spreadsheet of email addresses after you sign up to a company newsletter. The company might then upload this spreadsheet to an email service provider programme, so they can send the newsletter to your inbox.
It’s easy to see, therefore, how this applies to financial advisory firms like Cedar House. After all, when someone becomes our client they are agreeing to enter a very trusting relationship with us where important, sensitive financial information is disclosed.
A financial adviser therefore needs to spell out very carefully, from the beginning, what a person is signing up for when they become a client. They also need to define which personal information the business will be retrieving from the client, how it will be handled and used, and what exactly it will be used for.
How Cedar House is Preparing for GDPR
In a sense, the GDPR is no great shock to us.
As we’ve already stated, our business is built upon nurturing long-lasting relationships of trust with our clients. So we have always been careful to go above and beyond when it comes to protecting our clients’ personal data.
One important thing we will be doing prior to the May deadline, however, concerns our email database. If at some point you have signed up to our newsletter, or disclosed your email address to us, then we will be sending out an email campaign to you to confirm you are still happy for us to hold this data.
If you would like to continue receiving our financial tips, content and updates, then you can let us know by “opting in” and stating or updating your email preferences. If, however, you would like to remove yourself from our email list, then all you have to do is tell us – or indeed, not respond at all!
For current clients, we are reviewing our internal data protection policies to ensure they go as far as they possibly can to respect your personal data.
How The GDPR Affects You Going Forwards
From the day of the May deadline, it is vital that you know your rights under the rules stipulated in the GDPR so you can help ensure your data is protected.
One positive development for you is that you will have a stronger “right to be forgotten”. This means that you can give any business or organisation 4 weeks’ notice to remove the personal data they hold on you, if it is no longer relevant to them.
This, we believe, is a really positive development. After all, think of all the adults who will be grateful to ask social media companies to delete embarrassing posts and comments they made online during their teens and childhood!
Under the new rules, you will also be able to request access to the information a business or organisation holds about you. When you do so, the party in question will have a month to disclose to you information such as how they acquired your data, what they have used it for, and how they store and process it. This must be explained to you clearly – not in a jargon-laden way which leaves you confused.
Of course, you will also be able to demand that this personal information be updated or removed, if you so choose.