Feb 14, 2018

GDPR update from ICO and FCA

The Financial Conduct Authority (FCA) and the Information Commissioner’s Office (ICO) have published a joint update about the General Data Protection Regulation (GDPR). The new legislation, replacing the UK Data Protection Act 1998 (DPA), will come into effect from 25 May 2018. In the UK, GDPR will be regulated and enforced by the ICO.




FCA rules

The FCA already has requirements that financial services firms must comply with when processing personal data. The FCA claims that the GDPR “does not impose requirements which are incompatible with the rules in the FCA Handbook” and that “there are a number of requirements that are common to the GDPR and the financial regulatory regime detailed in the Handbook”.

The current financial services regulatory framework also complies with the GDPR requirement to treat customers fairly. The FCA explains that when its rules are created, it takes into account how its requirements affect the privacy interests of individuals such as firms’ customers and employees, and that it is open and transparent about why it has made rules and any changes.

The financial regulatory body further comments that the GDPR is now a board-level responsibility. Firms must be able to produce evidence to demonstrate the steps that they have taken to comply.

Ongoing discussions

The FCA acknowledges that there are still ongoing discussions regarding specific details of the GDPR to ensure that they can be implemented consistently within the wider regulatory landscape. The FCA and ICO are working closely together in preparation for the GDPR.

The FCA is considering how its rules comply with the GDPR requirements. These include the requirements in the Senior Management Arrangements, Systems and Controls (SYSC) module. It is recommended that, as part of their obligations under SYSC, firms should establish, maintain and improve appropriate technology and cyber resilience systems and controls.




What is GDPR? What are the main changes that will be implemented? Find out with our overview on our blog.

At SmartDebit, we are keeping up-to-date with the ICO to be fully prepared for GDPR when it is implemented on 25 May 2018.
