"The key here is putting reasonable processes in place that limit the potential for the loss of client data contained in paper files or unencrypted hardware"
An IRESS technology audit of adviser firms revealed gaps around information security and advisers’ readiness for GDPR.
The audit aimed to find if there were propositional and procedural gaps that could be holding firms back from growing profitably and safely.
IRESS said one of the more surprising statistics to emerge from the audit was that only 30% of those firms who took part stated that they are prevented from taking client files out of the office, despite recent high profile cases of data protection breaches.
When asked if advisers would be ready for GDPR, 42% said they are, 28% said they were making progress and 30% stated they would not be ready.
Mark Loosmore, executive general manager for wealth at IRESS, said: “The risks involved in taking client files that include personally identifiable and sensitive information out of the office are clear. There have been high profile instances of misplaced files or stolen laptops resulting in data protection breaches and considerable reputation damage to the organisations involved. There really is no need for firms to open themselves up to this kind of risk.
"Using strong encryption through back office software, that allows you to securely access all relevant client data remotely in a GDPR compliant manner, firms can safeguard against these kinds of avoidable data breaches. The key here is putting reasonable processes in place that limit the potential for the loss of client data contained in paper files or unencrypted hardware, such as laptops, tablets and mobile phones.
“Even if we assume that the 28% of those advisers who said they are working towards 25 May do meet the deadline, that still leaves three out of ten respondents who do not believe they will be ready for GDPR. Integrated software that can help adviser segment client data and manage communications efficiently are a vital piece of the jigsaw in helping advisers prepare for the new data protection rules that will be coming into effect.”