- Current Law
Even after the UK’s withdrawal from the European Union (Brexit), UK companies will find themselves needing to comply with the GDPR if they are offering goods or services to EU citizens or monitoring their behaviour. The UK itself implemented the UK Data Protection Act 2018 and carried almost all of the GDPR into UK law so our obligations remain unchanged in practice.
- Joint responsibility
We consider ourselves as having ‘joint responsibility’ with you for processing, maintaining and managing your client data. We are classed as ‘Data Controller’ of our customers’ personal data. If you receive a request (and there is a valid reason) to delete or restrict the processing of a client’s information, or to provide copies of all personally identifiable data, you should also ask us to comply with this request. We will do so, as long as we do not break other business compliance rules.
- Data security
Security is key and we have systems, processes and people in place who monitor your data and that of your clients within our systems, looking for ways to prevent unauthorised access and keep it safe.
- Data incidents and breaches
If you experience a data breach involving your clients, you should advise us as soon as practically possible as we may be obliged to notify the relevant supervisory authority within 72 hours.
- Managing our data protection obligations
We have a dedicated data protection team, led by our Group Data Protection Officer, that manages our compliance activities and leads the development and implementation of any changes required.
Everyone in our business receives training on data security, including their responsibility in taking care of it.
- Reputational risk
Maintaining our customer and personal data is at the heart of our controls and we know how damaging it would be to us, to our advisers and our customers should a data breach occur.