Astrid has a growing client base of Independent Financial Advisors (IFAs) who understand the importance of complying with the General Data Protection Regulation (GDPR) and are looking for tools and guidance to help their through the process.
Interface Financial Planning was one of our first clients to complete Astrid’s compliance process and receive their GDPR compliance certificate. We talk to owner and Independent Financial Advisor Alan Moran about his journey towards GDPR compliance.
Why is data protection so important to you as an IFA?
Data protection is absolutely vital to me as an Independent Financial Advisor (IFAs) because if client data was exposed it could ruin my business. Firstly, clients would be likely to leave and go elsewhere if they learned that data had been leaked from our company. Secondly, the FCA (our regulator) would be likely to investigate which would take time, cost, and may have regulatory implications. Thirdly, the ICO penalties may be significant.
When did you start planning your GDPR compliance?
I started planning for GDPR in June 2017 and we started auditing and designating our processes to manage our data. However, we were frustrated by the lack of guidance and the lack of clarity – a lot of information was not available until very close to the 25th May 2018 deadline.
Where did you turn for information about GDPR?
The ICO has some guidance and I looked at several different sources but none of them gave clear guidance and there was some contradiction. I requested guidance from my compliance team at CATS (Compliance and Training Solutions). CATS recommended Astrid.
How long did it take you to get the right measures in place?
When I discovered Astrid, it took about a month of focussed work to complete.
What was your biggest challenge in becoming compliant?
My biggest challenge was finding a structure and clear guidance on what was required. Without Astrid I would still not be confident that I had covered everything.
Was there any aspect of your journey that caught you by surprise?
The differences between organisations in the way that they viewed and implemented GDPR compliance - it was shocking and very disconcerting. With one saying one thing and someone else saying something different it was a relief having Astrid to give us the confidence to know that we were absolutely compliant regardless of what anyone else said or did.
What do you consider the benefits of now completing the process?
Peace of mind! I can relax knowing that we have covered all the bases. I am sure that we are within the top 10% (or higher) of GDPR compliant firms. Our clients can also view our GDPR compliance certificate and our Cyber Essentials certificate on our website and have confidence that we take their data security very seriously.
Where was Astrid most helpful to you in becoming compliant?
Providing a structure and a process - there were things that we would not have thought of without Astrid. Astrid also provides a GDPR compliance test for all of my staff support (I am a small company with two support staff).
What advice would you give to other IFAs who haven’t started, or have started and haven’t finished their journey to compliance?
Wow! If they haven’t started I would be extremely concerned! I would recommend Astrid to all IFAs whether they believe that they have completed their GDPR compliance or not. Astrid provides a structure and ongoing support. GDPR compliance is not simply a case of ‘done it’ now forget it. All firms must have a structure and a regular GDPR review process in place and Astrid provides them with it at a very reasonable cost. Why reinvent a process themselves when they can obtain a first class process from Astrid? Just get it, get it done, and then get on with your business knowing that you have got the best GDPR process in place!
Protect your business - become and remain GDPR compliant with Astrid
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.