Whilst awareness of the General Data Protection Regulation (GDPR) has certainly improved in early 2018 – how can it not have, given the coverage the regulation is receiving? – there is still work to be done for UK financial advice firms in getting ready for 25 May.
We ran a survey of Intelligent Office users last September to find out how people were getting on with their preparations. The most startling revelation of that survey was that some 9% of responders didn’t know what the GDPR is.
270 people participated in that survey. Over the past month, we have been running an assessment on our site, open to everyone and still open to everyone here, which poses 15 questions to test participants’ knowledge of the regulation. At the time of writing we have had 245 participants in the assessment, broadly similar to the number who completed our survey.
The opening question, ‘what does GDPR stand for?’ is an indicative comparison point in both exercises. Whilst back in September 9% didn’t know what it was, that number has fallen to 1.3% in April. That’s a 7.7% increase in awareness in seven months, which shows the progress that has been made in the industry.
Of course, back in September, the spectre of MiFID II loomed large. That was the first hurdle in the eyeline of advice firms. But of course, working in financial services, regulation can feel like running the Grand National without the race ever actually finishing – it’s just a purgatory of endless hurdles to be cleared. As such, regulatory fatigue is a very real issue.
Once 3 January had come and gone, regulatory sights were realigned and the GDPR is now in the eyeline, with firms preparing themselves to clear this fence. Much like Becher’s Brook, however, there’s no guarantee of a clean landing on the other side.
This is highlighted by the results from our assessment. Whilst it is doubtless encouraging that the industry as a whole is seemingly aware of what of is coming, seeing and identifying a hurdle are different from actually clearing it.
Only 18% of respondents, 45 out of 245, attained ‘Expert’ level in the assessment. That is, only 18% achieved a score higher than 90%. Is it the case, then, that only 18% of the financial industry is approaching this regulatory Becher’s Brook with any assurances of still being in the race on the other side?
That may not sound as farfetched as it initially seems. For all the talk of bumper fines under the GDPR, of more acute concern should be reputational damage that firms could suffer. As Facebook is discovering at the moment, people are increasingly aware, and concerned, about what the hell firms are doing with their data. This will extend to everyone once the GDPR goes live. An errant email here, some misplaced information there or, heaven forbid, a data hack and any firm, in any industry, could soon find itself in for a hard landing.
142 of our respondents, 58%, attained ‘Pro’ level, scoring over 60%. There are two ways of looking at this figure. Firstly, that it’s broadly encouraging; there is a sound level of industry awareness regarding the regulation which should encourage people to get their data houses in order. Secondly, that it’s not quite good enough. There is knowledge, but is there sufficient understanding?
Looking further down, 58 respondents, 24%, attained ‘Rookie’ level, scoring below 60%. The worrying thing here is that this is higher than those attaining ‘Expert’ level.
So, with a major hurdle fast approaching, there is a lot of positioning for advice firms to do before they can clear it with confidence. The encouraging element is that, at the very least, most of the riders are aware that there is a fence coming.
