General DataProtectionRegulation

14 March 2018

Branko Bjelobaba FCII

Regulation & Compliance Consultant

Branko Ltd

FCA compliance consultants

* DIY Manuals

* Workshops

* Tailored solutions

Compliance

Partner

Today

1. ICO

2. GDPR/DPA 2018

3. Summary

Setting the scene

• You have a responsibility and opportunity to

show customers that you treat their

information with the utmost care

• GDPR will force you to examine how you

communicate and market your services,

tighten up your security measures against

cybercrime and enable you to build a new

layer of trust and loyalty with customers

Would it

matter?

1. ICO

Who is in charge

then?

FCA or ICO?!

Fines in our sector

• FSA/FCA - £7.8m

• ICO £5.5m (max £500,000)

ICO - Goals

1. All organisations which collect and use personal

information do so responsibly, securely and fairly.

2. All public authorities are open and transparent,

providing people with access to official information

as a matter of course.

3. People are aware of their information rights and are confident in using them.

4. People understand how their personal information is

used and are able to take steps to protect themselves

from its misuse.

Relevant law

• Data Protection/GDPR

– New Data Protection Act 2018

• Nuisance calls/unsolicited marketing

– Privacy and Electronic Communications

Regulations 2003 (PECR)

ICO – numbers 2016/17

• 498,108 data controllers registered

• 204,281 overall concerns reported

• 21,393 cases investigated

• Fines totalled £3.5m

• Fee income £19.7m

• Expenditure £25m (439 FTE staff)

Fees from 2018

ICO – work with firms

• 35 audits providing advice and recommendations

• 22 information risk reviews

• 23 follow-up audits

• 58 advisory visits to SMEs

Which sectors

generate the most

issues?

And why?

2,565 self reported incidents