What does GDPR mean for SMEs?
The Data Protection Act (DPA) will be replaced by the EU’s General Data Protection Regulation (GDPR), a framework with greater scope and much tougher punishments for those who fail to comply with new rules around the storage and handling of personal data.
GDPR forces SMEs to know exactly what personal data they hold and where it is located (whether on PCs, on servers, or in the cloud), and to have procedures in place to ensure its complete removal when a request to do so is made. Monitoring protocols must be able to recognise and act on breaches as soon as they happen, and an incident recovery plan must be put in place to deal with the repercussions.
Preparing for all this will require a full information audit and, for many companies, a change in culture, which is why SMEs should start to plan and implement well in advance of the 2018 deadline.
What does MiFID II mean for SMEs?
Any organisation providing financial services to clients linked to ‘financial instruments’ will have to record and store all communications intended to lead to a transaction. Unlike the current FCA regulations, which apply only to those directly involved in financial trading, under MiFID II any organisation that so much as gives advice that may lead to a trade or investment will need to comply with this rule.
The new requirements stipulate that all conversations ‘that are intended to lead to a transaction’ must be recorded, broadening the previous mandate of ‘client orders and transactions.’ MiFID II also covers other communications intended to result in a trade, such as mail, fax, email and audio recordings of client orders placed during face-to-face meetings.