Simon Hawker, Managing Director Lonsdale Services, St Albans reviews how Lonsdale Services and Lonsdale Mortgages is preparing for the General Data Protection Regulation (GDPR) changes due on May 25th 2018.
GDPR Regulation changes
The GDPR regulations are changing from May 25th 2018. The aim of the new regulation is to protect all EU citizens from privacy and data breaches, and update the 1995 directive following changes to technology. The key data privacy principles are still in force but changes have been made to regulatory policies.
Simon Hawker, Managing Director of Lonsdale Services and independent financial adviser, St Albans said:
‘Our Lonsdale Mortgages St Albans office follows our standard procedure for client mortgage reviews and new business. We take detailed notes of all client phone calls and meetings which we record on our client database. Our client data is stored on Intelliflo an established web-based software provider to the UK financial services sector. Their leading web-based practice management software, Intelligent Office meets regulatory and market changes and is being used by Lonsdale Mortgages and Lonsdale Services to improve our client service and meet our GDPR requirements.
‘For example the GDPR changes offer individuals new rights including the right to be forgotten (erasure), data portability and choices on direct marketing. In a move to become GDPR compliant we have amended our client agreements and introduced the new customer privacy notice. Our client agreement has also been updated so it complies with new GDPR regulations. Our primary legal basis for processing client data is still – ‘processing is necessary for the performance of a contract,’ but where we require to process sensitive personal data for example data on health for protection insurance we will require a client’s explicit consent. When clients next have their mortgage review their mortgage adviser will ask them to sign a new client agreement which has been updated so it complies with new GDPR regulations.
‘The GDPR regulation has focused on the need for all companies to manage their data security effectively. We are currently undertaking colleague GDPR training in all our offices. Part of this training involved an external consultant reviewing office security, and checking how Lonsdale colleagues are working in order to minimise any data security risks. Lonsdale Services achieved Cyber Essentials certification in March 2018. Gaining this certification prepares Lonsdale for GDPR and will strengthen and unify data protection for all our clients. We chose Cyber Essentials certification as it is a Government- backed industry supported scheme which helps organisations protect themselves against common online threats. The UK Government recently recognised The IASME standard as an excellent cyber security standard for small companies when in consultation with trade associations and industry groups. We worked with a qualified assessor and external St Albans IT consultant – Assign IT to independently verify Lonsdale Security data security policy.’