Legal

Advisers urged to train staff on GDPR to avoid data breach fines

|
17th January 2018
"Training staff so they are fully aware of what they can and can’t do with regards to data helps to reduce the risk of data breaches plus ensure the firm itself is not the focus for any potential enforcement procedures"

Intelliflo is urging adviser firms to make training staff a top priority ahead of the implementation of new GDPR rules on 25th of May to mitigate the risks of expensive data breach claims.

Intelliflo research shows that of the 96 reprimands that were made publicly available in 2017 by the ICO, 11 were directly aimed at individuals for offences including unwarranted accessing of personal data and sending sensitive data to personal email accounts without reason.

Intelliflo says this represents a significant leap, since there is no available data showing individuals targeted by the ICO in 2016.

Public bodies have also been fined by the ICO. In May 2017, Greater Manchester Police was fined £150,000 because of three sets of sensitive personal information getting lost in the post.

To help financial advisers with training, Intelliflo has commissioned three new e-learning courses worth 30 CPD minutes each and is making them available to all 19,000 users of its Intelligent Office management software.

To assist firms in getting up to speed on the requirements of the GDPR in advance of the May deadline, Intelliflo is also offering six free licences to the courses to all iO user firms.

Rob Walton, Chief Operating Officer at Intelliflo, commented: “Adviser firms will need to ensure employees are made fully aware of their responsibilities in terms of the data they can access and the consequences of any mishandling, with permissions being installed where possible to segregate data for its correct use. Under the new GDPR rules, it is mandatory that any breach is reported to the Information Commissioner’s Office and, in most cases, the data subject within 72 hours.

“Firms are at risk not only of fines, but also of highly negative media attention. Training staff so they are fully aware of what they can and can’t do with regards to data helps to reduce the risk of data breaches plus ensure the firm itself is not the focus for any potential enforcement procedures if staff claim they didn’t know they were doing something wrong.

“We have created these courses to help our customers prepare for, and be better equipped to deal with, the GDPR and to improve their overall cyber security. We firmly believe that all technology firms have a responsibility to help their clients in these areas. It is essential that everyone in each firm is aware of how to protect data and that there is widespread awareness and understanding of the risks and procedures that need to be followed. All staff at Intelliflo undertake these courses too, as it is equally essential that all our people are aware of the responsibilities we have to our customers in handling and processing their data.”

Related articles
More from Legal
.