    GDPR and Management of Vulnerable Customers

    Published on 18 Apr 2018 by Martin Schofield

    Why managing vulnerable customers has never been more important

    GDPR widens the scope of what constitutes personal data and reclassifies sensitive data as special categories of personal data, but the meaning behind this data, and the importance of its security, has perhaps never been greater than it is now.

    Since 2015, we have seen regulatory interest move into the softer side of compliance, with financial services firms being asked to look at how they manage vulnerable customers and, more recently, with a discussion paper being issued on transforming culture within firms. Whilst attention has moved to topics often badged as “soft skills”, the impact from the regulators for getting it wrong is still strong and hard, as the likes of William Hill discovered recently.

    However, with firms being encouraged to identify those customers who are more vulnerable than others, for example due to their state of mental capacity or having been diagnosed with a terminal illness, the category and level of data that a firm could now hold on a customer could far exceed its original expectations, and reach further into the customer's personal life than the data storage and retention controls it initially established were designed for.

    We have all seen examples in the press where an elderly or infirm person has money extorted from them by rogue builders, abusive relatives or carers, and the pitiful financial situation that such activity can leave people in. Now, with people who fall into these categories being classified as vulnerable customers, and firms being expected to have identified them and to have procedures in place to manage these relationships more effectively, this extra level of personal data will also need to be protected. Where will firms store this information? How will it be protected? Who will be able to access it? When does it get deleted?

    Further, the more information that is collected on an individual, especially of the nature we are talking about here, the greater the chance that mistakes will be made and data recorded incorrectly. Data subjects may then issue rectification notices, place restrictions on how the firm can process the data and, ultimately, exercise their right to have it deleted. The more places the data is stored, the larger the task for the data controller to identify and delete every copy.

    Finally, for consideration, is the matter of data value. If a firm is required to identify and store details of its vulnerable customers, then such a “list” or “database” would become a very valuable commodity to the criminal fraternity, almost a shopping list of who’s who in a world of potential victims.

    This opens up distinct possibilities of increased cyber-attacks, external fraud and collusive fraud, and even bribery, with a firm’s staff being targeted by criminals and bribed to supply details of, or access to, the “lists” or “databases”.

    The effective management of vulnerable customers is an absolute must, not only as a regulatory expectation, but also from a good business practice and social responsibility viewpoint. However, firms need to be mindful that by so doing, they do not, through lax data protection controls, inadvertently increase this level of vulnerability to unprecedented levels.
