Regulated firms that have wondered whether the Financial Conduct Authority (‘FCA’) considers data its responsibility should look no further than the latest FCA statement on the matter. While oversight of data protection in the UK is within the jurisdiction of the Information Commissioner’s Office (‘ICO’), the FCA seems poised to take some of this responsibility from the ICO.
It is no secret that the ICO is under-resourced to manage all data controllers in the country. This rings true for many FCA-regulated firms that have had little to no interaction with the data regulator. In light of this, the FCA seems to have adopted a more proactive approach to data protection, interpreting data mishandling as a breach of its principles for business.
PRIN 6 should be especially well known as the FCA’s golden rule; the FCA is known to levy hefty fines if it detects firms treating customers unfairly. Moreover, the FCA has indicated that breaches of data protection fall within the purview of PRIN 6. This new stance, while not unexpected, should be met with concern by firms that consider data protection secondary to FCA compliance.
The FCA has far greater and more wide-ranging sanctioning powers than the ICO, which is bound by the fine limits set in the GDPR and PECR. The FCA notes that the area of particular concern to it is company mergers and the selling of data sets, which seems to be another veiled warning to Claims Management Companies, considering previous FCA communications to the portfolio group.
If your firm is worried or concerned about its current protection procedure in the wake of this update, Scott Robert can help. Contact us today and we can have one of our data protection experts on hand, ready to assist.