The FCA has reminded firms of their responsibilities to store, use and share their clients’ data in a lawful manner. These obligations need particular focus if a firm is changing the way it operates / engages with its customer base – or is merging with a partner organisation – due to current economic pressures.
The area is a particular hot topic because of the overlapping investigatory and enforcement powers held by the FCA and the UK’s Information Commissioner’s Office. Firms bear parallel obligations under the FCA Handbook as well as of course under GDPR and the Data Protection 2018; a single data breach can therefore give rise to two separate regulator actions.
The FCA and ICO have traditionally worked together effectively to ensure that the best placed of the two deals with incidents arising in the middle ground they share – as was seen in the context of the Equifax data breach. The ICO has itself shared this latest FCA post via social media, emphasising the joint focus of the two regulators.
If you’d like to discuss the way in which data requirements apply to your organisation – and how those requirements may evolve at the end of the Brexit transition period – please do not hesitate to contact one of our data specialists.