FCA has reminded firms of the importance of safeguarding customer data. It stresses that firms must remember their obligations in these changed operational times, and when leaving the market or merging with other firms.
It notes the importance of:
- the Principles – in particular Principles 3, 6 and 7, all of which are relevant to customer data;
- the breadth of the application of data protection legislation and its relevance not only to firms but also compliance consultants, IPs and liquidators; and
- the obligations the GDPR places on firms in respect of explanation of privacy information and on keeping records of how and why they process, share and retain personal data and what their lawful basis is for processing data, including how and when required consents are given.
FCA notes that the GDPR provisions will be part of UK retained law, and that the PECR will continue to apply. It stresses that it will take action if it identifies breaches of relevant parts of its Handbook and expects firms to be able to show how they have considered TCF and how their actions comply with data protection and privacy laws.