The World is a very different place than it was a few weeks ago and businesses are now operating in a time of flux, with many not being able to operate at all. With so many employees working from home and contact with customers being made in new or different ways; you need to ensure […]
How robust your data protection program is may be being tested during this difficult time, with employees working from home and others in workplaces with an abundance of staff absences. Having compliant GDPR and DPA18 policies, procedures and controls in place is mandatory, but has never been so important. How you process personal data during […]
This article provides guidance on writing your own GDPR/DPA18 Policy and utilises the requirements set out under the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA18). What is a Data Protection Policy? The GDPR advises that controllers must implement appropriate technical and organisational measures to comply with the GDPR; with those measures […]
What is Legitimate Interests? This article looks at how to carry out a Legitimate Interests Assessment (LIA) and gives guidance on the suggested stages. Legitimate Interests is one of the legal basis for processing personal data under the GDPR. Article 6(1)f of the Regulation states: – “Processing is necessary for the purposes of the legitimate […]
An SMF Handover Policy is a mandatory requirement under the Senior Managers Regime. SYSC 25.9.4 of the FCA Handbook provides further guidance and rules for Enhanced firms where an employee is performing a Senior Management Function (SMF). Reasonable steps must be taken to ensure they are provided with adequate information and the materials to carry […]
If you have obligations under The Money Laundering Regulations 2017 (MLR17), you will need to have compliant policies, measures and processes in place to meet those obligations. Whether your Supervisory Authority is the FCA, HMRC or Gambling Commission, many of the requirements set by these bodies come from the MLR17 and require firms to have […]
Certification Functions are those that cover specific functions that are not not specified as Senior Management Functions, but that can still have a significant impact on customers, the firm and/or market integrity. The FCA does not approve those individuals performing certification functions in the same way that they do Senior Managers. Instead, the firm itself […]
Whether you are starting from scratch, revising existing data protection policies or use templates from a professional provider; documenting your GDPR measures and controls is a labour-intensive task. Although the GDPR/DPA18 has been in place since May 2018, there are still thousands of firms who are only partially compliance with the mandatory data protection laws […]
In a speech delivered by Nausicaa Delfas (Executive Director of International) at the UK Financial Services Industry Beyond Brexit Summit in London, the FCA discussed their preparations for Brexit and beyond. Whilst it is still the case that nothing is set in stone with regards to the UK leaving the EU, the FCA were keen […]
The FCA are extending the Senior Managers and Certification Regime (SM&CR) to include solo-regulated firms from 9th December 2019. This extension aims to reduce harm to consumers and strengthen market integrity. There are 3 categories under the SM&CR: – Limited Scope: these firms will be exempt from some baseline requirements and will typically have fewer […]