Are financial services firms ready for the incoming GDPR?

The General Data Protection Regulation (GDPR) was given approval by the EU Parliament in April 2016, and its enforcement begins on 25 April this year. Organisations not complying with its provisions could face heavy fines.

The new regulations are designed to harmonize data privacy laws across Europe, changing the way data privacy is dealt with. Details of the legislation can be found at

Industry insiders suggest that many organisations are likely to fall foul of GDPR when it comes into force, as they are unable to secure customers’ data effectively.

Companies are required under the legislation to appoint a data protection officer (DPO), and some firms are currently struggling to meet the deadline to fill such a position. This is crucial, since GDPR involves not only the potential erasure of data at an individual’s request but also the right to the portability of personal data without being prevented by the handler of that data.


The new legislation also stipulates that firms must hire a DPO if their core activities include data processing that requires them to monitor EU residents on “a large scale”.

Furthermore, explicit consent must be obtained for retrieval of data and its uses, and any data breach must be reported within three days. Most companies recognise that security is the biggest challenge they face within their IT departments.

Independent financial advisers will also be looking closely at the new legislation. Research suggests IT teams are struggling to acquire the skills and expertise to deal with the new legislation, as it is not their traditional focus area. Although organisations are aware of the problems, they are still some way from solving them.


The development of software for IFAs, such as that provided by, will be key to coping with GDPR. Investment in IT is likely to be ramped up to cope with any potential problems.

The industry’s ability to cope with new regulation remains a positive. Some analysis suggests that the main issue is informed consent, and that the challenge will begin when a client leaves. Then there is the question of how long data needs to be retained.

The GDPR clock is ticking and affects the industry across the board. If you have not prepared for it, the time to get going is now.

About the author


The writer of this article currently manages his own blog and is managing to do well by mixing online marketing and traditional marketing practices into one.
