Foration Blog

The complete guide to retaining data the FCA-compliant way

Written by Paul Weeden

Founder & Managing Director at Foration. IT and technology fixer.

6 July 2016 | Paul Weeden | advice, data protection, data security, IT support

Regardless of the size or nature of your organisation, if you’re handling, using or storing customer data of any kind then you have a legal obligation to ensure that it’s protected as rigorously as possible. This is the position taken by the Financial Compliance Authority (FCA) and something which all firms need to place high on their agenda when it comes to corporate responsibility. In this age of big data, when such information can deliver the edge in customer insight, how do you store and manage it while remaining compliant with the FCA?

The FCA’s view on data protection

A factsheet posted on the FCA website highlights exactly why data protection is important, offering key points to which you should adhere in order to stay on side.

The position is made crystal clear in the intro, informing readers that businesses need to treat data security with “the utmost seriousness,” adding that:

“Organisations holding individuals’ data must in particular take steps to ensure that it is adequately protected from loss or theft.”

So you need to be diligent in your risk assessment.

Physical Security

In our ever more digital environments, where data is stored to the cloud for example, it can be easy to overlook the good old-fashioned security of your premises.

But the FCA are clear that basic security against physical theft of data is very much the responsibility of the business, and something that needs to be actioned.

As with all risk assessments, there’s no 100% protection against theft or damage. However, you must demonstrate that all reasonable steps have been taken to safeguard against data loss.

This might be:

  • CCTV
  • Effective access barriers (passcodes, smart card or similar)
  • Monitoring of visitors
  • Having security services on site

Taking Ownership

It might sound like common sense, but businesses need to have evidence in place that data protection is adequately managed, from assigning a person or team to be responsible for data protection to drawing up policies for data use. According to the FCA themselves, these ‘best practices’ should be:

“Proportionate, accurate and relevant to your day-to-day business.”

Naturally this will differ depending on the size of the company and the nature of its business, be it a fairly simple list of dos and don’ts or full-blown audit trails.

Staff Choices

Any employee who will come into contact with or have any responsibility for customer data needs to be trustworthy. Again, we can never safeguard 100% against an individual’s actions. However, measures in your recruitment and HR processes can demonstrate reasonable diligence on your part. Criminal checks and possibly regular checks on an employee’s financial status are such measures highlighted by the FCA.

How Your Staff Access Data

The FCA recognises that staff need to access data and that, frequently, data will be accessed across a range of devices in the office and remotely.

From a compliance point of view, however, businesses need to ensure that the appropriate access is granted to the appropriate people. This includes ensuring:

  • Staff only have access to what they need
  • Access rights are changed when roles change
  • Data that is accessed off-site is encrypted
  • Access names and passwords adhere to Get Safe Online
  • Data backups are regular and strictly enforced

The FCA recognises the important role data plays in a business’s operations, and accepts that there’s a requirement for fairly unobtrusive access to aid productivity.

However, the safety of this data is taken extremely seriously. By complying with their guidelines you can use data effectively and safely, and save yourself the damage and costs attached to falling foul of the rules.
