This is understandable because when the previous data regulation was written in 1998, the world was a very different place.
There were no smartphones and the amount and volume of personal data being shared was significantly less than today.
Mr Mohamad adds: “The whole problem of balancing a regulatory change project against your business as usual work; it pinches at your resources or you would have to bring in external contractors to help you with the resourcing.
“That’s a lot of the issues I have seen with the clients in financial services. They are not realising the amount of effort they would have to go through to be compliant with GDPR.”
Firms have also been struggling with knowing what information they need to retain on file.
Maurice McDonald, also a consultant at Bovill, says: “[It's] That line between what is required from a regulatory perspective and what information should be retained, how it should be retained and how do you get the required options from all of your clients about what information you are going to be obtaining from them and how it’s going to be used.”
Mr Mohamad notes: “There are some unintended consequences. When they are trying to protect themselves against potential claims in the future to say they may have mis-sold a product, how do they balance that against the GDPR requirement of only holding onto personal data as long as they need?”
GDPR has had a significant effect on the whole financial sector and has especially impacted the advisory sector, many of which are smaller firms with limited technical and compliance resources.
On a more positive note GDPR is actually presenting opportunities for firms to stand out from their rivals.
According to Keith Maner, head of compliance at Thistle Initiatives, GDPR is an opportunity for businesses to “reset” how they use and collate data from their customers.
It will prompt new ways of thinking, and may bring about more trust and transparency.
Mr Maner explains: “There has been some evidence that GDPR is now being thought of as an opportunity for firms to gain some competitive advantage and to bring their data protection up to the standards that will be expected by more demanding data subjects.
“We believe that it could help catalyse a ‘data awakening’, where businesses and customers will begin to take data diligence and security much more seriously. This awakening also has the potential to provide further competitive advantage for firms that can more effectively demonstrate that the privacy by design objective is evident in their products and corporate culture.”
Richard Nuttall, head of compliance policy at Simply Biz, says that GDPR has also raised a general awareness of not only understanding what consumer data advisers have, but also how that data is stored and with whom it is shared.
