The European Union’s General Data Protection Regulation (GDPR) is almost upon us. It comes into force on 25 May, but one key marketing platform for fund managers may fall through the cracks of your no doubt detailed preparations for the big day – that is your website.
Preparing for GDPR goes well beyond a database cleaning exercise. The complexity involved in such tasks can be enormous, however. At Hawksmoor Partners we have been working with clients who have harvested large amounts of data on EU individuals as part of their research efforts. For some firms this data forms a critical part of the value of their business, and they may have been using, and may plan to continue using, their website as part of their data collection efforts.
GDPR rules may apply differently depending on how you have been collecting that data and how you are using it within your business. For many firms this will be as basic as using cookies or other third-party tracking methods; for others, data harvesting will have been much more comprehensive and sophisticated.
But let’s think ahead to the future as well. Many of the firms we begin working with have paid little attention to some of the things they can use their website for, which include generating leads rather than simply acting as a static shop window. Post-GDPR it will still be possible to integrate your website with your CRM system in new and exciting ways, but you will need to make sure that you are doing this correctly and in compliance with the Regulation’s requirements. This covers the way in which firms acquire sign-ups and opt-ins for their marketing activities.
Given that the day will shortly be upon us when a large proportion of your databases will no longer be usable for direct marketing activities, those interested parties you acquire in the future will be far more valuable. All the more reason to ensure that these leads are being acquired in a compliant way.
Websites can be an important tool in the ongoing building of your engagement with your client base – but it is essential that a full audit is carried out to ensure that a site is compliant with GDPR. A full information audit can throw up some key areas where a company is missing a trick in terms of potential new lead acquisitions.
An audit should also be able to evaluate the sensitivity of the information being collected and the relative risk of storing and processing that data. Going forward, any changes to systems, for example in the way data is being harvested and stored, will need to be evaluated by the firm’s Data Protection Officer (DPO).
It is important to remember that right now there is no compliance badge that can be slapped on a website. While all kinds of certification courses are being peddled, none of them brings with it an official seal of approval from the Information Commissioner. Such courses might bring with them some level of ISO compliance only.
Information regulators like the UK Information Commissioner’s Office (ICO) will be looking for companies to take appropriate steps to comply with the GDPR.
How Hawksmoor Partners can help
Hawksmoor Partners is now able to carry out a full audit of websites, including how websites are being used or can be used to collect and process personal data in a GDPR-compliant manner. For small to medium-sized financial firms, we can also now provide the services of a part-time Data Protection Officer (DPO). A DPO is not required for all firms, but we can advise on where one is needed. We can provide a part-time DPO to fulfil this role for financial firms that do not have the resources to appoint one on a full-time basis, or lack the internal expertise to do so.
For further information on our GDPR solutions, please contact Stuart Fieldhouse, Director of Communications, at firstname.lastname@example.org