Certification Functions are those that cover specific functions that are not not specified as Senior Management Functions, but that can still have a significant impact on customers, the firm and/or market integrity. The FCA does not approve those individuals performing certification functions in the same way that they do Senior Managers. Instead, the firm itself […]
Whether you are starting from scratch, revising existing data protection policies or use templates from a professional provider; documenting your GDPR measures and controls is a labour-intensive task. Although the GDPR/DPA18 has been in place since May 2018, there are still thousands of firms who are only partially compliance with the mandatory data protection laws […]
In a speech delivered by Nausicaa Delfas (Executive Director of International) at the UK Financial Services Industry Beyond Brexit Summit in London, the FCA discussed their preparations for Brexit and beyond. Whilst it is still the case that nothing is set in stone with regards to the UK leaving the EU, the FCA were keen […]
The FCA are extending the Senior Managers and Certification Regime (SM&CR) to include solo-regulated firms from 9th December 2019. This extension aims to reduce harm to consumers and strengthen market integrity. There are 3 categories under the SM&CR: – Limited Scope: these firms will be exempt from some baseline requirements and will typically have fewer […]
If you are required to comply with the MLR17, we have developed a Anti Money Laundering Checklist that contains over 60 assessment questions and helps firms to assess their compliance with the money laundering and financial crime legislation and regulations. Covering areas such as policies and procedures, transactions, internal controls, training, risk assessment and due […]
The ICO have expanded their data protection guidance on exemptions, which looks at some of the rights and obligations under the GDPR and DPA18. The ICO note that any exemption should not simply be routinely relied upon; instead, every event should be reviewed and considered on a case-by-case basis. They also reiterate that some areas […]
The ICO’s GDPR guidance pages have been devoid of any updates since the Regulation and DPA18 came into force back in May. However, the regulator has this week updated their guidance on International Transfers, providing a Q&A style assessment noting steps & actions when transferring data outside the EU. The guidance utilises a number of questions […]
Our guide to the Data Protection Fee looks at the ICO’s recent published guidance on the new data protection fee, which looks at the Governments’ new charging structure for data controllers. The fee will help to ensure the continued funding of the Information Commissioner’s Office (ICO) and will be based on a 3-tier model. Whilst […]
Already included in our GDPR Documentation Toolkit, whilst it is not a mandatory GDPR document, many of our clients have been asked to produce (or are adding to their website) a GDPR Compliance Statement. This document serves as a business plan for GDPR compliance, providing a summary of how an organisation is preparing for, and […]