So far, there have been a few historic events during my lifetime that have had a dramatic effect on me. The first was a certain punk band crashing onto the scene in 1976, resulting in the music that influenced me during my formative years, and the sounds I still listen to as enthusiastically today.
Another is BREXIT. Something which is having an impact on pretty much everything in our lives right now. There is one myth, however, that needs to be dispelled. I'm sorry to break it to you but the GDPR has still gone ahead, whether we're going to be in the EU or not, and it has done so with gusto.
There are probably many GDPR (General Data Protection Regulation) programme managers wishing they could have downed tools once the 'leave' vote had been announced, but alas, this myth, which did the rounds early in the BREXIT debate, is exactly that – a myth. Don't worry, this article is not about BREXIT and, unfortunately for me, not about modern pop culture either. It is about how the impact of GDPR is as significant to Synaptic Software and financial services as the arrival of a certain punk band was to me back in the 70s.
We know the GDPR will primarily protect the personal data of all people living in the EU. Tick. However, it actually extends beyond the EU. It will also regulate the gathering and processing of personal data, regardless of where that takes place, as the Data Protection Act did previously. If you knew that, you'll also be acutely aware of the potential fines that can be imposed if firms don't comply – the worst-case scenario being somewhere between £17 million and 4% of a company's global annual revenue. But we've been reassured that fines are intended as a last resort and the [ICO's] focus and commitment is on guiding, advising and educating organisations on how to comply. Great for the headline makers, but, worry not, that is where the scaremongering ends, unless of course flagrant breaches are identified, in which case action will be taken with the potential for heavy fines to be imposed.
So, what exactly have Synaptic Product Managers been doing to ensure their systems remain compliant with the new data privacy laws?
Seb Marshall, Synaptic Suite Product Manager, tells us how Synaptic's 'single point of entry' one-stop shop for all matters risk and investment-related has adapted to the GDPR:
- Terms and Conditions (T&Cs) have been updated to account for all new GDPR regulations and are now accessible directly from the Help menu.
- Improved deletion capabilities have been installed throughout the Suite. When deleting users and/or organisations, additional functionality now exists to move clients and investment structures.
- The Synaptic Suite now includes compliance for individuals' rights under the legislation, such as PII data exports and the right to be 'forgotten'.
So, no myths here, just the facts around the work Synaptic Software has undertaken to ensure our systems provide adequate protection to our, and your, customers' data.
Webline has seen significant change. Laura Vingoe, Product Manager, describes how:
- T&Cs have been updated on both versions. New and existing users must now accept them the first time they log in after 25th May 2018. Web services customers will have to accept T&Cs via a paper copy.
- Webline user accounts will be disabled after a three-month period of inactivity. Accounts remaining inactive or having been disabled for a further 35 days will be deleted and all associated quote data completely removed.
- The Right to Data portability allows data extracts relating to a private client to be delivered via Secure File Transfer Protocol (SFTP).
- An audit history will become available in both versions of Webline, which will evidence any changes to personal data that have happened on the updated system after 25th May 2018. These audit logs will detail the time, date and type of change undertaken to any personal data fields.
- We have created a 'right to erasure', meaning a user account and all associated data can be deleted from the system upon request. We have added extra security measures to safeguard special categories of data.
Sharon Milham, Product Manager, highlights some of the new features Client Care Desktop (CCD) users will experience:
- A new streamlined facility to delete client and staff records. Access to this functionality is controlled by the System Administrator within your business via the CCD user settings.
- Everyday activities such as change of address notifications or updates to holdings can now also be tracked via an audit log. This new log identifies who performed the update and when the change was undertaken.
- The ability to extract a client file from CCD into a single electronic file allows you to import this data into an external system elsewhere within your organisation or respond to a data portability request from a client. Access to this functionality will again depend on the user privileges controlled within your business.
- There are now changes to the way marketing consents are collected and how these preferences affect the contact users have with their clients. Additional reporting and tables to assist with ongoing management and renewal of consent also feature in the release.