Small business: What small businesses must know about GDPR and MiFID II
MiFID II (The Markets in Financial Instruments Directive) will be weaved into UK law from July 2017 and will demand immediate compliance from January 3rd 2018. It’s a weighty piece of regulation for the financial services industry and is applicable to anyone who provides services linked to financial instruments. So, even if you’re a lone IFA, you’re still duty bound to work within the new framework.
As a regulatory beast, it covers everything from pre-trade transparency requirements for organisations that trade in liquid shares to a narrowed list of execution-only products that companies can sell. Amid the mass of detail is a diktat that all communications that intend to lead to a transaction should be captured, recorded and stored in a secure way. This includes conversations over a personal mobile phone and face-to-face meetings.
We all know the saying, when it rains it pours. In March 2018, just as the legislation beds in, GDPR (General Data Protection Regulation) will make an entrance. GDPR promises to add serious muscle to the 1998 Data Protection Act by heavily penalising companies for failing to protect individuals’ data – meaning any recording policies under MiFID II will need to be considered within the context of preventing potential intrusions into privacy.