Training staff about the new GDPR rules ahead of its implementation date on 25 May 2018 should be a top priority to ensure firms mitigate the risks of expensive data breach claims, according to a GDPR industry working party set up by Intelliflo.
Rob Walton, Chief Operating Officer (COO) at Intelliflo, who chairs the working party, comments: “Adviser firms will need to ensure employees are made fully aware of their responsibilities in terms of the data they can access and the consequences of any mishandling, with permissions being installed where possible to segregate data for its correct use. Under the new GDPR rules, it is mandatory that any breach is reported to the Information Commissioner’s Office (ICO) and, in most cases, the data subject within 72 hours.”
Of the 96 reprimands that were made publicly available in 2017 by the ICO, 11 were directly aimed at individuals who were working for firms at the time of their indiscretions. These were for offences of unwarranted accessing of personal data and sending sensitive data to personal email accounts without reason. Such instances could have been avoided with proper staff training. This represents a significant leap in such reprimands, since no individuals were publicly targeted by the ICO in 2016.
Public bodies have also been fined by the ICO. In May 2017, Greater Manchester Police was fined £150,000 because of three sets of sensitive personal information getting lost in the post. Again, staff training could have helped to avert such a mishap.
Rob Walton continues: “Firms are at risk not only of fines, but also of highly negative media attention. Training staff so they are fully aware of what they can and can’t do with regards to data helps to reduce the risk of data breaches plus ensure the firm itself is not the focus for any potential enforcement procedures if staff claim they didn’t know they were doing something wrong.”
To help financial advisers with training, Intelliflo has commissioned three new e-learning courses worth 30 CPD minutes each and is making them available to all 19,000 users of its Intelligent Office (iO) management software.
The courses cover GDPR Awareness, Phishing Awareness and Information Security Awareness and have been compiled by Alan Calder from IT Governance, an acknowledged international cyber security expert and a leading author on information security and IT governance issues.
To assist firms in getting up to speed on the requirements of the GDPR well in advance of the May deadline, Intelliflo is offering six free licences to the courses to all iO user firms. The burden of regulatory change falls upon all advice firms, with the costs most keenly felt by smaller firms. These courses will be particularly helpful to those firms, enabling them to prepare their staff for GDPR free of charge.
Rob Walton continues: “We have created these courses to help our customers prepare for, and be better equipped to deal with, the GDPR and to improve their overall cyber security. We firmly believe that all technology firms have a responsibility to help their clients in these areas. It is essential that everyone in each firm is aware of how to protect data and that there is widespread awareness and understanding of the risks and procedures that need to be followed. All staff at Intelliflo undertake these courses too, as it is equally essential that all our people are aware of the responsibilities we have to our customers in handling and processing their data.”
For further information please contact Jo Rimmer at Redspark PR on 07970 088383 or firstname.lastname@example.org.
About Intelliflo’s GDPR Working Party
The Intelliflo GDPR Working Party comprises delegates from 11 major networks and advice firm customers, representing around 2,000 UK advice firms. The aim is to get to a common interpretation of the impact of the GDPR regulation on financial service firms and a best-practice approach to implementation that will assist all Intelliflo customers in meeting the challenges of this new regulation.
The group is meeting regularly to discuss how firms interpret the key articles of the GDPR regulation and how they plan to meet the requirements. After each meeting, a consultation paper is produced that is shared with all Intelliflo customers for feedback.
Intelliflo (www.Intelliflo.com) has been providing information technology services to financial services companies since its formation in 2004. Its leading web-based practice management software, Intelligent Office, is the most widely used by new UK financial advisers* and helps financial businesses large and small to improve efficiency and increase profits. Intelligent Office supports over 2,150 firms and 19,000 users with assets under advice of £335 billion (as at 1 January 2018). Intelliflo was named Best Technology Provider 2017 at the Professional Adviser Awards and Best Back Office System 2017 by Professional Paraplanner magazine. ISO27001 accreditation assures advisers that their data is safeguarded within a high quality security management framework.
In July 2013 HgCapital, a leading European private equity investor in B2B technology companies, became a majority shareholder in Intelliflo Ltd. HgCapital has a wealth of expertise in developing web-based software businesses and is committed to supporting the next phase of Intelliflo’s growth.
*Based on number of directly authorised financial advice firms registered in 2016.