Published by Julie Baillie on
We all endured an inbox avalanche earlier in the year: emails begging us to opt in, to stay in touch with everyone from our own banks to long-forgotten coffee shops. From a consumer point of view this provided a useful, one-off email-management exercise, putting a stop to unwanted emails from senders we could have sworn we had already unsubscribed from.
From a professional point of view we welcome all measures that help us to do the right thing by our clients, and that ensure we can rely on our third-party suppliers and providers to do the right thing by us. So for such a significant piece of legislation, why has the impact on our way of working been so limited?
The answer is simple. At Barnett Waddingham we were already complying fully with all the principles of the Data Protection Act 1998 (DPA 1998). The personal data we had about pension scheme members was being held securely and processed appropriately. We are ISO 27001:2013 and ISO 9001:2015 certified, demonstrating our commitment to Information Security and Quality Management. This meant our systems and processes were already robustly doing their job.
For us, then, the switch to GDPR has been straightforward. We only needed minor updates to some of our standard approaches to data use and storage, and a review exercise of historic data.
There is a new emphasis on accountability as a key principle, and GDPR requires us to demonstrate that we can meet our obligations (rather than just confirm it). To do this we are continually upgrading and adding new functionality to BWebstream Exchange, our online platform for secure exchange of data and correspondence. As a result, more and more clients are finding this a streamlined and convenient way to request and receive work from us. It provides a clear audit trail of data requests and submissions, and is a secure vehicle to deliver sensitive information.
"The BWebstream Exchange is a convenient and easy way to access confidential information, especially in light of the new GDPR Regulations. The improvements that allow you to only receive notifications that are relevant to you and the fact that you can draft a message before sending came in at just the right time."
Marie Dunbar, TUPE Liaison Officer (Governance & Employer Liaison), Buckinghamshire County Council Pension Fund.
There has been little impact on the way that we process member data for our core actuarial work, but there has been a change in the way in which we contact people who want to hear from us. GDPR focusses on explicit consent and transparency in the way data is handled, and so we made contact, prior to the enforcement date, to ask people to confirm their contact preferences. We are pleased that so many of our clients and professional contacts want to continue to receive our insights, newsletters and events invitations.