⭐GDPR promotes control and protection of personal data of the individuals. FCA Handbook and ICO Regulations together with new GDPR Rules ensure data protection & privacy in maintained in Financial sector.⭐

The financial service sector of the United Kingdom went through a multitude of vicissitudes in the year 2018. The current commotion caused by BREXIT has affected this particular sector immensely. Further, with the recent implementation of new rules introduced as part of the European Union’s General Data Protection Regulation (GDPR), the financial services sector in the United Kingdom have raised concern regarding certain aspects.

The General Data Protection Regulation (GDPR) has been effective since 25 May 2018. However, it was approved in the Parliament on 14 April 2016. This is regulated in the United Kingdom by the ICO (Information Commissioner’s Office). The FCA has now a new level of responsibility as complying with the GDPR rules must be supervised by this financial watchdog.

This article will delve into the following sections:

A change or revision always affects the working way or structure of financial service sector. And post 25 May 2018, a lot of changes have taken place.

  • What Is GDPR?

General Data Protection Regulation is data protection and privacy regulations for individuals residing within the European Union (EU). This regulation promotes control of personal data of the individuals and reduces to bare bones the internal business environment to enhance international business and trade. Therefore, the implementation of GDPR will restructure the way in which an individual’s data is managed and handled.

It can also be said that this regulation protects the fundamental rights of an individual. GDPR is a chief and significant change that was brought into data privacy in the last 20 years. Now the question is what kind of data does this regulation protect? Any “personal data” or personal information related to an individual is protected under GDPR. Any business house or unit, which handle the data of individuals must have a GDPR compliant Privacy Policy and must safeguard the data of its consumers. And such organisations or business house are required to employ a Data Protection Officer (DPO) who will be solely responsible for managing the compliance of this regulation.

  • What Was the Need for a New Data Protection Plan?

“Progress is impossible without change, and those who cannot change their minds cannot change anything.”

-George Bernard Shaw

The 1995 Data Protection Directive was outdated. Hence, there was a dire necessity of replacing it with a new legal framework. That’s how GDPR came into the picture. After the evolution of business medium and platforms, more and more businesses entered into the world of technology to expand their business. And after a few years, gradually, the functions and operations of the business units started taking place on the internet (online). This whole scenario changed the way an individual’s data was collected and processed. Also the way it crossed the borders within the European Union. A new set of the legal framework was a need of the hour as the Data Protection Directive was not in synchronization with today’s digital era. Somewhere it failed to address the issues related to data and its protection.

To keep up with the pace of technological advancement, the General Data Protection Regulation came into force.

  • Views of the FCA on the Implementation of This New Rule

After the implementation of GDPR, many firms about their ability to comply with the GDPR interviewed the financial watchdog FCA. Therefore, it was visible and clear from the statements released by the FCA that the GDPR rules were compatible with the FCA Handbook. Further, it said that there are many requirements in the GDPR that are common to the FCA as well.

The FCA and ICO had conducted roundtable discussions to listen to the concerns of the industry related by the GDPR implementation. Because the FCA was quite interested and proactive in smoothening out the implementation and function of this regulation within the wider regulatory landscape.

  • What Is Right to Erasure?

Under Article 17, the GDPR introduces ‘Right to Erasure’ or ‘Right to be Forgotten’. This means that individuals have the right to have their personal data erased in certain circumstances. So, let us see when this right can be applicable, under what circumstances a person can apply ‘Right to Erasure’:

  • The initial and original purpose for which the personal data was collected no longer seems to be necessary.
  • If the personal data of an individual is used for direct marketing purposes.
  • On condition that an individual has a legal obligation to comply with.
  • Providing that the personal data have been processed to offer information society services to a child.
  • If the data has been processed illegally or unlawfully that means a breach in the lawfulness has been found.
  • If an individual withdraws their consent for the personal data.

The significance of this legal right holds a broader perspective in terms of Privacy Policy. All the consumers now have control over their personal data. The way data is distributed, handled, and managed have also been changed.

Consent of an individual paves the way for enhanced accountability and transparency for organisations, which deals with the personal data of their consumers. It will help put consumers in the centre of a relationship that will further build trust and confidence. In some way or the other, all these reforms will create a good reputation for your organisation.

Setting yourself apart from the competition is the motto of every organisation but keeping your customers on top priority is the thing, which will steer the way for you to stand out. If an organisation maintains transparency, customers will stick to them. And the backbone of any organisation is their customers.

Conclusion

GDPR Vs. FCA is the wrong way to put things. We already know that the FCA and ICO had joined hands in the making of this much-needed regulation. It is important to know how the company you are dealing with shares your personal data. Because this regulation demands enhanced the level of protection of personal data.