GDPR compliance now more important than ever for financial services firms

The Financial Conduct Authority (the FCA), the UK’s regulator of financial firms, and the Information Commissioner’s Office (the ICO), the UK’s data protection watchdog, have signed an updated Memorandum of Understanding (MoU).

The FCA and the ICO first entered into an MoU in 2014 but this new updated MoU, entered into in February 2019, reflects legal and regulatory changes brought in by the GDPR and the Data Protection Act 2018 last year. It also outlines the intended future direction of the watchdogs’ relationship in areas of shared interest.

What is an MoU?

An MoU is an agreement between at least two parties which demonstrates a shared strategy or consensus on specific issues. Crucially, MoUs are not legally binding documents – they simply reflect the shared intentions of the parties. Therefore, the ICO and the FCA are not legally obliged to comply with the MoU.

Content of the MoU

The MoU provides for cooperation and sharing of information between the ICO and the FCA and will facilitate further collaboration and closer working between the regulators.

The main mutual obligations in relation to information sharing are as follows:

  • informing each other of possible breaches of legislation regulated by the other body discovered whilst performing their duties and offering further information where necessary;
  • entering into regular communication on areas of mutual concern and/or interest; and
  • where one regulator receives a request for information by a member of the public under freedom of information and data protection laws, asking the other regulator for their views where the requested information includes information provided by the other regulator.

The MoU also obliges the regulators to create rules or policies which implement the aims of the MoU and collaborate in relation to policies which have a significant impact on the other’s objective. Further, the MoU has provisions in relation to investigations and enforcement and the procedure to be followed in cases where both regulators have an interest.

Why is this important to financial services firms?

Financial services firms should be aware of the increased cooperation of their regulatory authority with the ICO. The information sharing provisions mean that any breaches of legislation discovered by one regulator will be disclosed to the other and that there will be an open dialogue between the regulators within areas of mutual governance. The understanding reached by the FCA and the ICO in terms of how investigatory and enforcement powers are to be used will be of particular relevance to firms in the event of non-compliance.

This is not the first time that the ICO and FCA have collaborated on the GDPR. In February 2018, the regulators issued a joint update on the GDPR.

It is clear that the ICO now has more influence over the actions of the FCA and, therefore, data protection issues should be more important than ever for your organisation. The FCA has repeatedly emphasised the importance of data protection compliance to financial services firms.

If your organisation is within the financial services sector and has not yet taken action to ensure that it is compliant with the GDPR and the Data Protection Act 2018, you must take action now, especially in light of the penalties which may be imposed: 20 million euros or 4% of annual turnover, whichever is higher.

At MacRoberts, our experienced team can assist with ensuring your organisation is compliant with the GDPR and Data Protection Act 2018.

This article was co-written by Charlotte Fleming.
