UK regulators have reminded banks and other financial services firms they will have to comply with multiple sets of European data protection rules in the coming months.
The EU General Data Protection Regulation (GDPR) represents the largest overhaul of data protection laws for 20 years, and will apply to the UK market from 25 May this year.
The UK Financial Conduct Authority (FCA) and the Information Commissioner's Office (ICO) have highlighted that there will not be a conflict with other data requirements.
Banks have been unclear whether they will have to jointly comply with the GDPR as well as the FCA’s rules on processing personal data.
“We believe the GDPR does not impose requirements which are incompatible with the rules in the FCA Handbook,” the FCA stated.
“Compliance with GDPR is now a board level responsibility, and firms must be able to produce evidence to demonstrate the steps that they have taken to comply.”
The FCA added that it would be hosting a GDPR roundtable with the ICO for firms and industry bodies to listen to industry concerns.
GDPR is set to be particularly challenging for custodian banks, which must make sure the vast amounts of data they sit on through their asset servicing and transfer agency businesses are not compromised.
Some firms have identified that they will have to spend millions upending their IT systems to ensure they have proper processes to classify, track, and even delete personal data.
The FCA added that while the ICO will regulate the GDPR, the regulatory watchdog would consider certain aspects of the rules to come under its authority.