We have put together a few of our thoughts on GDPR and how it will affect mortgage intermediaries in the Q&A below.
How is your business preparing for GDPR?
Vida Homeloans has a GDPR implementation project which began in May 2017 and will align our business to the new requirements. An initial impact analysis was conducted against current activity comparative to what’s expected under the GDPR. This enabled the identification of the actions required to make the necessary changes to our data protection framework well before the 25th May 2018 deadline.
Will Mortgage Brokers notice a change to the way you handle their customer’s details or to your documents and processes?Mortgage brokers will not notice a change in the way that we process their clients’ applications. There will be changes in the way data is handled internally here at Vida to align to our legal obligations as a Data Controller. However, the interaction between Vida and brokers will remain the same.
What is the greatest threat GDPR poses to Mortgage Brokers?
The penalty for non-compliance with the GDPR could be a significant fine of up to €20m or 4% of group annual global turnover. This risk is mitigated by documenting data protection policies and procedures that describe (amongst others):
- how to handle various customer requests according to their enhanced right
- the maintenance of a detailed data inventory which documents all data held, how it is processed and the legal basis for processing
These will demonstrate a high level of understanding of the requirements and support the operational control framework should a third party such as the ICO request an insight.
What positive effects do you feel GDPR will have on the mortgage industry?
A lot of the principles that lead to ‘best practice’ data protection processes already exist under the present Data Protection Act. However, the enforcement mechanisms have changed considerably to drive a high standard of behaviour. This ultimately means significant benefits to a company in terms of increasing customers’ trust and decreasing business risk.
What do you think the greatest challenge will be for today’s Mortgage Brokers?
Their greatest challenge is likely to be the implementation and documentation of a robust control framework that incorporates all requirements under the GDPR.
5 Top Tips for Brokers include:
- Do NOT ignore the GDPR. However, do not panic. The GDPR may have less of an impact than you imagine. Have a GDPR Champion to help implement the regulation.
- Ensure the relevant documentation is in place including policies, procedures and a data inventory.
- Gain an appropriate level of awareness of the key GDPR features including, but not limited to, consumer rights, consent requirements, Fair Processing Notices and data breach reporting.
- Make sure you have secure filing systems (physical and digital).
- Understand data collection, retention, transfer, storage and deletion requirements.
Do you feel Mortgage Brokers are adequately preparing their business for these changes?
Market surveys suggest that preparations could be improved. It is important to stay calm, read the new rules and understand the level of impact and prepare your business for 25th May 2018. The cost of non-compliance with the GDPR could be high and, given that mortgage brokers will be impacted, you have an obligation to effectively prepare for these changes now.