• About us
  • Pricing
  • Services
    • Consultancy
    • Training
  • Partners
  • Resources
  • Contact
  • Login
  • Try for FREE
Calling IFAs – Got any unanswered GDPR questions?
August 24, 2018
How to deal with a subject access request from a third party
August 30, 2018
August 29, 2018

One IFAs journey to GDPR compliance

Astrid has a growing client base of Independent Financial Advisors (IFAs) who understand the importance of complying with the General Data Protection Regulation (GDPR) and are looking for tools and guidance to help their through the process.

Interface Financial Planning was one of our first clients to complete Astrid’s compliance process and receive their GDPR compliance certificate. We talk to owner and Independent Financial Advisor Alan Moran about his journey towards GDPR compliance.


Why is data protection so important to you as an IFA?

Data protection is absolutely vital to me as an Independent Financial Advisor (IFAs) because if client data was exposed it could ruin my business. Firstly, clients would be likely to leave and go elsewhere if they learned that data had been leaked from our company. Secondly, the FCA (our regulator) would be likely to investigate which would take time, cost, and may have regulatory implications. Thirdly, the ICO penalties may be significant.
Alan Moran (002)

When did you start planning your GDPR compliance?

I started planning for GDPR in June 2017 and we started auditing and designating our processes to manage our data. However, we were frustrated by the lack of guidance and the lack of clarity – a lot of information was not available until very close to the 25th May 2018 deadline.


Where did you turn for information about GDPR?

The ICO has some guidance and I looked at several different sources but none of them gave clear guidance and there was some contradiction. I requested guidance from my compliance team at CATS (Compliance and Training Solutions). CATS recommended Astrid.


How long did it take you to get the right measures in place?

When I discovered Astrid, it took about a month of focussed work to complete.


What was your biggest challenge in becoming compliant?

My biggest challenge was finding a structure and clear guidance on what was required. Without Astrid I would still not be confident that I had covered everything.


Was there any aspect of your journey that caught you by surprise?

The differences between organisations in the way that they viewed and implemented GDPR compliance - it was shocking and very disconcerting. With one saying one thing and someone else saying something different it was a relief having Astrid to give us the confidence to know that we were absolutely compliant regardless of what anyone else said or did.


What do you consider the benefits of now completing the process?

Peace of mind! I can relax knowing that we have covered all the bases. I am sure that we are within the top 10% (or higher) of GDPR compliant firms. Our clients can also view our GDPR compliance certificate and our Cyber Essentials certificate on our website and have confidence that we take their data security very seriously.


Where was Astrid most helpful to you in becoming compliant?

Providing a structure and a process - there were things that we would not have thought of without Astrid. Astrid also provides a GDPR compliance test for all of my staff support (I am a small company with two support staff).


What advice would you give to other IFAs who haven’t started, or have started and haven’t finished their journey to compliance?

Wow! If they haven’t started I would be extremely concerned! I would recommend Astrid to all IFAs whether they believe that they have completed their GDPR compliance or not. Astrid provides a structure and ongoing support. GDPR compliance is not simply a case of ‘done it’ now forget it. All firms must have a structure and a regular GDPR review process in place and Astrid provides them with it at a very reasonable cost. Why reinvent a process themselves when they can obtain a first class process from Astrid? Just get it, get it done, and then get on with your business knowing that you have got the best GDPR process in place!


Protect your business - become and remain GDPR compliant with Astrid

 
Subscribe today
 
Share
Emma Oram
Emma Oram

Related posts

February 24, 2022

GDPR and CCTV cameras in vehicles – are you still compliant with data protection laws?

Read more

Leave a Reply Cancel reply

You must be logged in to post a comment.

Astrid Data Protection Ltd.

24 John Clare Close
Brackley
Northamptonshire
NN13 5GG

Useful links

  • Home
  • About us
  • Pricing
  • Services
  • Partners
  • Resources
  • Contact
  • Privacy notice
  • Cookie policy
Company number: 11166227 - ICO registration: ZA310233 - © 2018 Astrid Data Protection Ltd.
Astrid Data Protection Ltd uses cookies on this website. Some are essential, others improve functionality and track your use of the site to help us improve it. You can reject the functionality and tracking cookies using the Reject button. To find out more read our cookie policy. Accept Read More Reject
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT