A post GDPR World

A post GDPR World

Now that the General Data Protection Regulation (GDPR) has finally come into effect, businesses are beginning to come to terms with the sheer magnitude of the changes and the serious ramifications that they will inevitably have on their day-to-day working lives. In short, GDPR constitutes the most significant and far reaching changes to EU privacy laws for more than two decades, setting a new worldwide precedent for privacy rights by emphasising obligations in relation to personal consent as well as access to or erasure of personal information.

Brokers could be forgiven for thinking that this mostly applies to the big boys – not them. Companies or businesses can now be held accountable for any suspected or reported breach of data (something that they are now obliged to do within 72 hours) with associated penalties of up to £17 million or 4% of annual turnover for any infringements that are deemed to be particularly damaging- a sobering reminder of the fundamental importance that vigilance and heightened security will now play within the financial and commercial sectors. This is why so many companies have overhauled existing systems or created automated privacy mechanisms from scratch in order to meet the stringent new regulatory requirements especially when handling large quantities of personal data.

Whilst the same rules apply to brokers they are less likely to see GDPR as high risk> a £17 million fine exists in another world and the chances of being the target of a hacker are slim. Nonetheless they still need a process to provide a privacy policy every time, have appropriate consents and a means of managing data requests. But the biggest potential change brokers will feel is in the use of email.

E-mails have traditionally provided the easiest and most widely accepted basis for customer engagement over the past few decades (200 billion of them are sent every day!) and DIP forms with customer data, application documents, payslips (the list is massive) have been routinely attached to emails with hardly a glitch or complaint. Yet new legislative demands seem certain to consign these ubiquitous messages to the dustbin of history. Why?

Well, the answer is simple- e-mails just aren’t thought secure enough. They can, in theory, be read at any stage along their ‘journey’; whether by accessing the internal storage of an individual device, exploiting network vulnerabilities or via the many, many servers through which the messages pass.

They are also susceptible to incidences of ‘human error’ (such as by accidently sending information to a wrong address)- a potentially costly error when one considers the long list of inclusions which are defined by GDPR as ‘personal data’ (names, addresses, telephone numbers etc etc). In addition, there is the omnipresent threat of organised ‘surveillance’- by ‘line tapping’ or criminal malware programs which scan messages for sensitive information (such as passwords, credit card numbers etc).

So where does that leave the broker fraternity. Sending encrypted emails is cumbersome to say the least so what is the alternative? Well, in a word secure portals. Specifically developed, multi-platform websites which combine information from a variety of different sources to provide a single point of access. and most lenders already offer portals where brokers can download, upload, view and store documents relating to an application.

Systems such as these work by maintaining all communications (including e-mails) within the borders of the portal itself, requiring both senders and recipients to access their mail by logging in with usernames and passwords. This ensures that businesses can provide their customers with a secure means of authentication and authorisation, while also maintaining ease of use- the primary consideration by which most consumers measure or judge service providers.

In reality, going forward, we will all be using a combination of emails – providing they don’t contain personal information – and portals to send and receive DIP’s, mortgage offers and all supporting information. But whilst the mainstream lenders have big budgets to throw at technology, the specialist sector, packagers and master brokers need to catch up and offer their brokers secure portals where a broker can see everything going on with a specific case and communicate through the portal. Watch this space.

Brokers. Get used to having multiple portals saved as bookmarks on your PC and hope they all have an option to remember your password. The dawn of the portal is now and the good ones will enhance your business and give you a clearer view into the detail of every application. For old school brokers who are just getting used to email the portal will quickly become as familiar as a smart phone. If you dream of the days where your case updates are so clear that you never have to pick up the phone, that day may just be around the corner.
Seek out firms which offer a good portal based experience – it will keep your clients data safer and, if you use the other features, will keep you better informed.

www.promisemoney.co.uk

01902 585052