In addition to completing an internal review of its systems and holding consultations with its customers, the mortgage tech company also commissioned an independent external review to ensure its systems are robust in supporting advisers after the General Data Protection Regulation (GDPR) takes effect.
The company says that while its systems already meet many of the requirements, a number of new enhancements are also underway which will make it easier for advisers to demonstrate their GDPR compliance.
Mark Lofthouse, chief executive officer of Mortgage Brain, said: “We looked at what’s on the ICO’s website, and consulted with legal advisers as to their interpretations. We then looked at a whole range of systems that we provide, and how we would effectively enhance them so as to enable brokers and advisers to comply with the GDPR.”
The industry revealed its concerns over the complexity of compliance: “They firstly wanted to ensure that our systems could enable them to comply with the requirements of GDPR — the vast majority of which we’re already capable of doing. Secondly, it was important to our customers that what we do needs to be proportionate to the number of requests that are likely to be received.”
“For example, a water company with four million customers received 150 requests for personal data in 2016, which equates to 1 in 30,000 people. When GDPR comes in, you’re likely to be getting more requests than before. But you’d be talking about 1 in 10,000 or 20,000 people. So it’s important that what we do isn’t more complicated than what it needs to be.”
“The consultations we held with our customers were an important part of this process and have proved extremely valuable in ensuring all parties know what needs to be done and who is responsible for what,” he added.
The announcement of GDPR compliance comes as research from the Direct Marketing Association revealed that around 15% of UK businesses, or just about one in seven, still have no plan in place to meet GDPR obligations.
Intended as a replacement for the Data Protection Directive of 1995, the GDPR is a directly binding EU regulation that aims to strengthen and extend the scope of data protection for EU citizens, both within the European Union itself and where personal data is exported beyond the EU. It will affect everyone involved in collecting and processing information and data about individuals in the context of selling goods and services.
With the maximum fines for breaching the GDPR being the higher of either 4% of group turnover, or €20 million, Lofthouse also had some advice for intermediaries: “If you’re running a firm, pin the responsibility of GDPR on somebody within the firm, and have a look over the ICO’s website, which is actually very good.”
“GDPR is on its way and it’s going to affect everyone. It’s imperative that advisers have a full and clear understanding of the new rules and regulations and are well aware of their responsibilities and what support they should expect from their system providers,” said Lofthouse.
“Whilst we might not be directly responsible for the personal data that advisers hold on their systems, we do have a responsibility to all the users of our systems to make sure that they can satisfy their GDPR responsibilities,” he continued.
“It’s a responsibility we take seriously and, as we have in the past, we’re going the extra mile to ensure all of our systems – for the benefit of advisers – are fully GDPR compliant, well in advance of the deadline next year.”
The GDPR will come into force in the UK from 25 May 2018, and the UK government has confirmed that the Brexit negotiations will not affect the commencement of the regulation in the country.
Disclaimer: Mortgage Brain is the parent company of Mortgage Solutions.