Amidst all the fevered activity and rush to get the deal over the line, is it likely that for every transaction all the personal data has been processed and securely stored according to GDPR requirements?
Given how guidance on due diligence for anti-money laundering (AML) purposes changed during the initial lockdown from showing hard copy documents such as passports and driving licences to sending in scans and photos by email for verification, it would be a minor miracle if no breaches had occurred.
It has been a difficult and at times confusing period for AML and due diligence regulations, with some big changes being introduced in recent months which regulated businesses need to absorb.
It is now three years since GDPR came into force in the UK, and many businesses are still grappling with it.
Secure storage
It raises some interesting questions about where and how client data is stored, and the lengths to which brokers, lenders and conveyancers are keeping it secure.
It’s common for customer documents to be photocopied and kept in a filing cabinet, maybe a desk drawer or even somebody’s in-tray, so they’re within easy reach while working the case. But that also puts them within easy reach of anybody who isn’t authorised to view them.
Clearly that poses risks in terms of GDPR, so more likely the data is kept on a digital database on the firm’s network. However, can you be sure your hardware is secure?
In addition, when did you last scrub the hard drive on your photocopier? A lot of copiers still take an image of the document you’re copying and store it on the drive, which means when it’s time to upgrade your machine you’re sending all that data out of the door unchecked.
Data hosting is one of those behind-the-scenes functions that is incredibly important for the compliance of a business but can get left behind amid the rush to get the deal done.
Brokers are needlessly paying for multiple checks with different agencies, and there is also a huge cost in terms of time as they can spend hours manually checking hard copy documents which is not necessary.
The technology available today will not only host the data securely, but also carry out ongoing monitoring which automatically updates client records if things change, as well as search multiple databases in seconds.
The result is a full, FCA-compliant report whenever a search is carried out, so if a business does get a knock on the door from an auditor, the data is compliant without having to do anything.
For businesses getting to grips with the post-Brexit regulatory landscape, switching to electronic verification for customer onboarding processes will save time and money, and ensure you always know where your client data is.
