GDPR Audit Checklist

The General Data Protection Regulation (GDPR) and Data Protection Act 2018 were enforced from 25th May 2018, introducing stronger, tighter controls & measures for protecting personal data and the rights of individuals. Our extensive GDPR/DPA18 Audit Checklist has over 140 assessment questions and enables you to assess, review and evidence your data protection compliance and commitment […]

Money Laundering Risks & Effective AML Controls

The FATF encourage the full use of a risk-based approach to customer due diligence which is essential in knowing who businesses are working with and on behalf of. Extensive and robust due diligence controls are one of the key measures in identifying money laundering risks and should form a large part of any AML […]

Experian Data Protection Breaches

The Information Commissioner’s Office (ICO) have conducted a two-year investigation into the handling and use of personal data held by the 3 main credit reference agencies, Experian Limited, Equifax and TransUnion. The ICO found data protection breaches within all 3 agencies citing “significant ‘invisible’ processing took place, likely affecting millions of adults in the UK”. […]

SMCR Conduct Rules | Conduct Rules Training

Under the FSMA, the FCA were given powers to write Conduct Rules that would apply to most of the employees within a firm. Applied to the banking sector in 2016, the FCA have now extended the Senior Managers Regime to apply to all solo-regulated firms from 9th December 2019. The enforceable Conduct Rules set out […]

SMCR for Solo-Regulated Firms

The FCA have now extended the Senior Managers and Certification Regime (SM&CR) to approx 47,000 firms from 9th December 2019, which includes senior managers and certification staff within those firms. The extension of the SMCR aims to make Senior Managers and certain employees within financial services organisations accountable for their own actions and competence. Those […]

GDPR/DPA18 Accountability Self Assessment

The GDPR (and the DPA18 which writes this Regulation into UK law) sets out under Article 5 the principles that relate to the processing of personal data. These principles can be condensed into: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality. Paragraph 2 of Article 5 states […]

SMCR Deadline Extension

The Senior Managers and Certification Regime (SMCR) replaced the Approved Persons Regime (APR) for solo-regulated firms from 9th December 2019. Firms with obligations under the SM&CR have until 9th December 2020 to ensure: all relevant staff are trained on the Conduct Rules and how they apply to their roles; all staff in certified roles […]

Appropriate Policy Document Template

The Data Protection Act 2018 (DPA18) outlines the requirement for an Appropriate Policy Document (APD) to be in place when processing special category and/or criminal offence data under certain specified conditions. In November 2019, the ICO published a template for this document that can be easily customised and used by businesses to meet the requirements […]

Brexit & Remaining GDPR Compliant

Will the UK have a deal with the EU before October 31st? As of writing this post the answer is still uncertain and so it is essential that firms of all sizes with obligations under the GDPR ensure that they are fully compliant with the Regulation. The UK Government have already confirmed that the GDPR […]