A study carried out by IBM’s X-Force Research Team found that data breaches in the financial services sector increased by 937% year on year from 2015 to 2016. Of those breaches, 53% were inadvertently caused by an organisation’s own employees. You must consider the impact of a breach under “normal” circumstances on your professional services. You also need to consider how your clients and customers would react to a breach caused by human error or a lack of security measures.
Trust between clients and professionals is vital; damaging it could end the relationship.
Meeting and maintaining the high data protection standard set by GDPR will go a long way towards building and maintaining a trusting relationship. It will also help reduce the risk of huge fines imposed by the lead supervisory authority and of possibly irreparable damage to the company’s reputation.
If your organisation is accountable for the security of large amounts of data, demonstrating GDPR compliance builds trust between professional services and their clients, and good preparation is the place to start.
How prepared is your professional service organisation for GDPR?
Learn about GDPR if you haven’t yet. Start the process by completing a risk assessment and providing all employees with training in data protection.
Who is in charge of your organisation’s compliance?
Data controllers and data processors have a greater role than ever before under GDPR. Make sure that ownership is clearly established within your organisation and that additional support is available if needed.
What data does your organisation hold and where is it stored?
It is likely that your professional services organisation holds a large amount of data. Data holders must know where the information is, how it is stored and who it is shared with.
Do you and your employees understand your responsibilities?
Most firms are data controllers, which makes you liable for providing clients with a guarantee of due diligence on third-party data processors.
Does your organisation need a Data Protection Officer (DPO)?
If your organisation regularly monitors individuals or processes sensitive personal data, you will need to appoint a Data Protection Officer (DPO), who will oversee the organisation’s compliance and be the first point of contact with your lead supervisory authority.
Are you holding yourself accountable?
When starting a new project, make sure to carry out a privacy impact assessment and update your privacy notices, consents and rights for individuals.
What happens in the event of a data breach?
If a data breach takes place, you have 72 hours to report it to your lead supervisory authority.
What if my organisation transfers data overseas?
If you use software to contact colleagues in other countries, you are therefore transferring data overseas. You must have a lawful basis and the data subject’s consent to transfer their data, while also demonstrating compliance and best practice.
Do you have the right consent to contact your existing database?
When managing data you are effectively managing people’s preferences. Did they make it clear how they would like to be contacted, such as by email, and how they would like their data to be handled for future contact? Make sure you have provided an opt-out opportunity.
Are there any recruitment gaps to fill within the organisation?
If your team cannot handle the number of information requests that come with the legislative and procedural changes, it is a good idea to expand it.