Page 9 - The Pulse Issue 8 070218
P. 9
Contributors GDPR has been stirring up a lot of negative press Will Mortgage Brokers notice a
recently due to the additional work involved to
fully prepare businesses’ processes for the new change to the way you handle
regulation - particularly industry’s like ours which their customer’s details or to
is still recovering from the impact of last year’s
buy to let changes. your documents and processes?
Are the GDPR’s defining principles really that difficult Louisa Sedgwick, Vida Homeloans: Mortgage Brokers
Mark Dryden to implement and will they actually benefit Mortgage will not notice a change in the way that we process their
clients’ applications. There will be changes in the way
Head of Development & Quality Assurance Brokers’ business in the long run? We’ve asked experts data is handled internally here at Vida to align to our legal
from various fields across the mortgage industry to give
their opinions on the impact preparing for GDPR has had obligations as a Data Controller. However, the interaction
on their business and what guidance they can offer to between Vida and brokers will remain the same.
Mortgage Brokers.
David Gilman, Blacks Connect: There are likely to be
minor changes – in that our Privacy Notices etc exhibited
on our website will be changed, and where we share client
How is your business preparing information with Mortgage Brokers, we are likely to seek
for GDPR? confirmation from them that they are aware of and will
comply with all their obligations under GDPR in relation to
client data.
David Gilman Louisa Sedgwick, Vida Homeloans: Vida Homeloans Mark Dryden, 360 Dotnet: Brokers already work within
has a GDPR implementation project which began in May
Senior Partner 2017 and will align our business to the new requirements. a regulated environment with the principals of Data
An initial impact analysis was conducted against current Protection baked into various training, education and
activity comparative to what’s expected under the GDPR. organisational processes. Probably the biggest change
This enabled the identification of the actions required is the gathering of consent, depending on what type of
to make the necessary changes to our data protection activities a Broker may wish to provide outside of their
framework well before the 25th May 2018 deadline. core service.
David Gilman, Blacks Connect: We have assembled 360 Lifecycle will allow Advisers to direct their client at the
a working party to consider the new obligations and start of the data gathering process to a ‘Permissions Portal’
Emma Hall procedures that will come into play, and to prepare the where details about how their data is used and processed
new suite of documents, policies, procedures etc, as it
can be perused and set. Any consents and preferences
Head of Sales impacts on our business and relationships with clients set in the ‘Permissions Portal’ can be changed at any time
and third parties. The working party comprises our Head by the client through SMS, email or other notifications with
of IT, Compliance Partner, HR Manager, and one Data full auditing of all activity.
Protection Lawyer from our commercial team and one
from our employment team. We have carried out our audit Emma Hall, Gwlegal: Brokers are unlikely to notice any
of the data held by the firm, and are working through the change. As part of our review we will be updating the
implications of that for our business both now and beyond consents we receive from clients to allow their data to
the commencement of GDPR in late May. be shared with their broker introducers. As this improves
communication on a client’s transaction we are confident
Mark Dryden, 360 Dotnet: As a technology provider, we that we will still be able to share relevant data.
Louisa Sedgwick need to ensure that we are providing the tools and features
required for Advisers to remain compliant. The GDPR
Director of Sales – Mortgages provides some interesting challenges and interpretations
to the processing of data, but the fundamentals of legal What is the greatest threat GDPR
and legitimate data processing and security is no different
Is the Mortgage Industry 360 Lifecycle goes a significant way to satisfying many poses to Mortgage Brokers?
before GDPR nor going forwards. Our position is that
of the requirements laid out by the GDPR that can then
Louisa Sedgwick, Vida Homeloans: The penalty for
be dovetailed with good internal processes, controls and
Ready for GDPR? education. non-compliance with the GDPR could be a significant fine
of up to €20m or 4% of group annual global turnover. This
risk is mitigated by documenting data protection policies
Emma Hall, Gwlegal: We have prepared and are
and procedures that describe (amongst others):
implementing a root and branch review of our Data
Protection Policies in line with GDPR. We are involving
staff at all levels including our Direct to Consumer services - how to handle various customer requests according to
Hear What the Experts Have to Say to ensure compliance post GDPR. Training is scheduled
their enhanced rights
in for all staff to tie in with our updated Policies on Data
Protection. - the maintenance of a detailed data inventory which
documents all data held, how it is processed and the legal
basis for processing
7 8
