Jump to section:
From the 25th May 2018, a new EU privacy law will commence. This regulation will be called the General Data Protection Regulation (GDPR). The regulation will be put in place across the EU and EEA region and will be applicable to any company that sells to European citizens. Many of these companies, including those based in other parts of the world also store data relating to European consumers. Now, for the first time, these citizens will have greater control over how their personal data can be used, stored and protected.
For purposes of regulation, personal data means all names, images of persons, email addresses, bank details, postal addresses and even computer IP addresses. The regulation seeks to protect data about people irrespective of where they work. For example, the law recognises that people working in companies are people too and their data needs to be protected. Companies cannot refuse to comply with the pretext that when employees are at work, they are not in their personal space and therefore have no right to privacy. Needless to say, there are tons of work that companies need to do in order to be compliant and avoid hefty fines.
Every individual will have the right to access their personal data. This means that customers can always ask to see what data a company holds about them and also have the right to know how that data is being used. Companies will need to inform the customers that their data is being recorded and must provide them with a copy of all personal data, free of cost, on demand.
Customers will also have the right to data portability. This means that customers can ask for data to be transferred from one company to another when changing service providers. Interestingly, once they cease to be customers, they can also request to be forgotten and the company will require erasing their data already. Companies will also be required to notify a customer immediately if their data has been compromised, within 72 hours of a breach. There will be other rights as well, such as the right to stop their data from being processed and correct the information if required.
Online gold and silver dealers need to put in place several initiatives in order to comply with the new regulations. Firstly, they need to map all the personal data relating to their customers held on their systems. This includes setting access levels and conducting a risk audit. The next step involves cleaning out all unnecessary data to avoid the risk of non-compliance. Here at Physical Gold, we’ve long been a meber and adhered to the Information Commissioner’s Office guidelines, so GDPR isn’t a huge adjustment.
Dealers of precious metals will also need to invest in robust security systems to ensure that they are well protected against hackers or any possible breach. Lastly, they will need to put in place processes that clearly demarcate the data that needs to be stored as per customer approvals. Handling of data is likely to be a big challenge and simply implementing processes will not be enough. Staff need to be trained on how to handle data and maintain transparency with customers at all times. This could also include timely notification of any breach and disclosure to customers about their data held on file by the dealers.
Our industry experts are able to guide you on the impact of GDPR on the precious metals industry and how you can protect your data under the new laws. Call us on 020 7060 9992 or email us with your concerns and our experts will be happy to get in touch.
Image credits: Convert GDPR
Daniel Fisher formed physical Gold in 2008, after working in the financial industry for 20 years. He spent much of that time working within the new issue fixed income business at a top tier US bank. In this role, he traded a large book of fixed income securities, raised capital for some of the largest government, financial, and corporate institutions in the world and advised the leading global institutional investors. Daniel is CeFA registered and is a member of the Institute of Financial Planning.