What can you learn from the new FCA/ICO update on GDPR?

Steve Coleman

GDPR Compliance

On February 8th, the Financial Conduct Authority and Information Commissioner's Office issued an update on the EU General Data Protection Regulation (GDPR).

What does the update say?

The update clarifies some questions regulated firms have raised with the Authority. It says that:

‘Firms have asked us about their ability to comply with both the GDPR and rules made by the FCA. We believe the GDPR does not impose requirements which are incompatible with the rules in the FCA Handbook.’

This is something we covered last year in GDPR for regulated firms – what do you need to know?

There we identified some of the requirements you’ll already be meeting, which give you a head-start on compliance – and some of the new demands which you’ll need to comply with.

The plus points:

  • You already operate with some degree of rigour. Complying with FCA requirements gives you an understanding of working in a heavily-regulated environment – for example around accurate record-keeping, a big focus of the new regulation.
  • Your culture (hopefully) already supports a compliant approach. The GDPR – as the update points out – ‘is now a board level responsibility’.

Firms are more likely to be compliant with existing FCA regulation if they have a culture where good behaviours are embedded. If you’re not sure you fall into this camp, our recent blog on How to ensure your board is prepared for GDPR has some pointers.

  • Some FCA requirements already support the principles of the new regulation. The update says that ‘there are a number of requirements that are common to the GDPR and the financial regulatory regime detailed in the Handbook’.

Requirements around suitability, producing financial promotions that are fair, clear and not misleading, and desired consumer outcomes all align neatly with the GDPR’s aim of improving the customer experience.


  • The GDPR has very specific requirements of its own that aren’t covered in existing regulation: rules on consent, on opt-in and on data breaches.

Even if you meet your regulator’s current requirements, it’s likely you’ll have to up your data game in time for 25th May.

How will the FCA and ICO work together on the new data rules?

The update says that ‘While the ICO will regulate the GDPR, complying with the GDPR requirements is also something the FCA will consider under their rules’.

The financial regulator and the ICO say they will continue to collaborate in the coming months to address concerns raised by firms. They will revisit their existing Memorandum of Understanding to make sure it’s still fit for purpose in the new world.

What should firms be doing now?

One of the initial challenges with the GDPR was the lack of clarity around exactly what firms needed to do.

Last summer, the Information Commissioner’s Office published a series of blogs designed to increase this clarity and put a stop to some of the regulation’s ‘myths’.

You can read a summary of the ICO’s myth-busting blogs in GDPR – sorting the myths from the reality and How to separate GDPR compliance myths from reality.

If you want more detail on the new requirements, you can check you’re up to speed by reading GDPR compliance – do you know everything you need to? and find out how to avoid potential GDPR pitfalls in your marketing.

The ICO’s microsite is another good source of information. It’s where any new updates are posted, and has useful downloadable tools. The What’s new page is a particularly useful summary of developments by date.

Whether you’re tackling the GDPR or making sure you’re up to speed with other compliance rules, you’ll find our Compliance Guide to Financial Promotions useful.

It looks at the regulations governing your promotions and what you have to do to comply. You can get your free copy of the Guide here.

Nothing in this document should be treated as an authoritative statement of the law. Action should not be taken as a result of this document alone. We make no warranty and accept no responsibility for consequences arising from relying on this document.


Topics: Compliance
