It was setup with the aim of strengthening and unifying data protection for all individuals within the EU.
With virtually every business in every sector responsible for ensuring its data management is compliant, this is no mean feat.
For some this regulatory change is a huge burden, while for others it presents an opportunity to reinforce existing relationships and to support their industry.
With May’s deadline fast approaching, firms need to be cementing their plans about how they will meet the regulation – if they do not, they could potentially face huge fines.
Devote time and attention
For brokers, GDPR represents a huge opportunity.
It should be on everyone’s agenda to devote time and attention to ensuring that the best solution to clients, partners and suppliers is being provided.
Newsletters and workshops explaining what GDPR is and how data is managed – and used – are highly beneficial.
Importantly, the consequences of not meeting GDPR should be laid out in clear, simple terms so that everyone is aware of their responsibilities and how they can deliver the best solution for their business needs.
Supporting member compliance
Although as a network it is not within our remit to enforce GDPR compliance among our members, we are extremely committed to supporting them through the changes.
We have created a dedicated project team with three full-time members that work specifically to ensure we are fully GDPR compliant.
This year-old team has hosted workshops and created templates and flowcharts which we have provided to our networks, explaining what they need to do to safeguard their businesses and ensure they have the correct processes in place when the new rules come into play.
We are also working closely with our lender partners to keep abreast of their updates and requirements.
Monitored, tested, reviewed
We believe it is important to see GDPR as an evolution, rather than a revolution.
Information security is not a matter that any business can afford to stand still on.
In an era of cyber-attacks and IT threats, procedures for ensuring that the personal data we process is secure should be regularly monitored, tested, reviewed and updated when new threats emerge.
This is why GDPR is a standing agenda point at our weekly board meetings.
Our project team liaises directly with the executive committee to ensure everyone is aware and up to speed on activity in this area.
Staff training is also a key point, as it is paramount everyone is aware of these new processes and how they work.
Make it relevant
It’s not just a matter of updating ways of working but training our people to ensure they understand what this means for them day-to-day.
We share our networks’ approach to complying with GDPR and make material we have created for our own businesses available to our AR firms to use as templates if they wish.
Ultimately, GDPR is not just an issue for the mortgage industry.
However, it is our job to make it relevant for those operating within the mortgage market and it is certainly not something that can be ignored.