Holding clients’ personal data could lead to lawsuits

In May 2018, the EU’s General Data Protection Regulation, which aims to strengthen data protection for its citizens, is due to come into force. Under the new rules firms face fines of up to 20 million euros or four per cent of their worldwide turnover, if they breach the regulations.

All organisations – from multinational companies to charities – will need to ensure that the personal data they store is secure, not held for longer than necessary and is not excessive to their business requirements.

Personal information held on social media will also be more strictly protected and individuals will have greater rights to access their personal data and will have the right to know if it is being held by a company.

Mathew Beale and Marc Allenet of compliance consultants Comsure said that GDPR – which will apply to Jersey – could mean that common practices like looking up the personal details of finance clients or viewing a potential employees’ personal details on Facebook could become illegal.

Mr Beale said that the new regime could also conflict with other regulations such as those of the Jersey Financial Services Commission, which requires finance firms to carry out strict background checks on their clients as part of its anti-money-laundering rules.

‘In financial services the case has been the more information you hold about your clients the better,’ he said.

‘But with GDPR it will be the opposite – it’s the case that the less personal information you hold the better.

‘And you could in future find yourself in trouble for looking up someone on Facebook or LinkedIn, if they find your digital footprint on their profile.’

Mr Beale said that it was yet to be determined in what circumstances Jersey’s finance laws or GDPR would conflict and which would take precedence in specific cases.

‘The Jersey law has not been written yet. It might take a few cases before we know where we are exactly,’ he said.

‘There are three areas of law where you can fall foul – regulations, criminal law and civil cases. For financial services, civil cases are a particular issue because they have very wealthy clients.

‘If you are going to sue someone, you need money and a lot of the people that finance deal with, do.’

Mr Allenet added: ‘There are data hosting services which can help protect people from GDPR but it won’t protect them entirely.’

He added, however, that GDPR could be an opportunity for Jersey to sell i tself as a well-regulated jurisdiction, if it is well-prepared.

– Advertisement –
– Advertisement –