FCA warns financial services businesses to comply with data protection laws


On 18 November 2020, the FCA published a press release warning firms of their responsibilities when handling client data in light of changes to the economic climate.

Firms are said to be changing the way they operate by choosing to leave the market or merging with other firms. However, the FCA warns firms that, when doing this, they must ensure that they continue to process and transfer client data lawfully.

Firms are reminded of the FCA principles, particularly:

  • Management and control (Principle 3). Firms should organise and control their affairs responsibly and effectively, with adequate risk management systems;
  • Customer’s interests (Principle 6). Before transferring clients’ personal data, firms should consider whether this is fair to and in the interests of their clients; and
  • Communication with client (Principle 7). Firms should pay due regard to the information needs of their clients and communicate with them clearly and fairly.

The FCA will act where it identifies breaches of the FCA Handbook. Firms that intend to transfer or receive personal client data are expected to demonstrate how they have considered the fair treatment of consumers and how their actions comply with data protection and privacy laws (this includes the Data Protection Act 2018 (DPA), the General Data Protection Regulation ((EU) 2016/679) (GDPR) and the Privacy and Electronic Communications Regulations (SI 2003/2426) (PECR)).

Firms would also do well to follow the guidance published by the Information Commissioner's Office (ICO): the regulator responsible for regulating, and enforcing, information and privacy rights in the UK.

On 1 January 2021, after the Brexit transition period, the GDPR will be incorporated into UK law and become the ‘UK GDPR’. The DPA 2018 and PECR will continue to apply. There will, however, be some amendments to ensure the legislation works in a UK-only context.

Therefore, firms should continue to follow their data protection obligations, as the GDPR is here to stay.

Get in touch

For more information on this update, or any data protection related matters, please contact Matthew Holman.