Skip to content
Small Business UK

Small Business UK

Advice and Ideas for UK Small Businesses and SMEs

  • Subscribe
  • facebook
  • twitter
  • linkedin
  • RSS
  • Starting
    • Advice
    • Funding
    • Ideas & planning
    • Investing in a franchise
    • Setting up a company
    • Sole trader
    • Success stories
    • Work life balance
  • Financing
    • Accounts & Tax
    • Alternative finance
      • Crowdfunding for Business
    • Banking
    • Business Loans
    • Grants
    • Payroll
  • Running
    • Business management
    • Buying and selling a company
    • Employing & managing staff
    • Export & Import
    • Finding and selling to customers
    • Insurance
    • Masterclass Series
    • International Business
    • Legal advice
    • Marketing
    • Office & home working
    • Getting Online
    • Technology
    • Productivity
    • Smart Energy GB
  • News
    • Law
    • Management
    • Opportunities
    • Outlook
    • Partner Content
  • Podcast
  • Guides
    • Guides
    • Series
  • Website Checker
  • Start a New Business
    • Setting up your business
    • Getting your business going
  • Start-Up Series
    • About
    • How to enter
    • Partners
  • Making Tax Digital
  • Funding Your Small Business
  • Taking Payments as a Small Business
  • Starting
    • Advice
    • Funding
    • Ideas & planning
    • Investing in a franchise
    • Setting up a company
    • Sole trader
    • Success stories
    • Work life balance
  • Financing
    • Accounts & Tax
    • Alternative finance
      • Crowdfunding for Business
    • Banking
    • Business Loans
    • Grants
    • Payroll
  • Running
    • Business management
    • Buying and selling a company
    • Employing & managing staff
    • Export & Import
    • Finding and selling to customers
    • Insurance
    • Masterclass Series
    • International Business
    • Legal advice
    • Marketing
    • Office & home working
    • Getting Online
    • Technology
    • Productivity
    • Smart Energy GB
  • News
    • Law
    • Management
    • Opportunities
    • Outlook
    • Partner Content
  • Podcast
  • Guides
    • Guides
    • Series
  • Website Checker
  • Start a New Business
    • Setting up your business
    • Getting your business going
  • Start-Up Series
    • About
    • How to enter
    • Partners
  • Making Tax Digital
  • Funding Your Small Business
  • Taking Payments as a Small Business
  • Subscribe
Home » Running a Business » Legal advice » What small businesses must know about GDPR and MiFID II

What small businesses must know about GDPR and MiFID II

Privacy is a key concern for citizens

by Small Business Team30 November 2016

In just over a year a heady cocktail of European legislation will come into force: MiFID II and GDPR. Here, James Foley explores what small businesses need to know.

MiFID II (The Markets in Financial Instruments Directive) will be weaved into UK law from July 2017 and will demand immediate compliance from January 3rd 2018. It’s a weighty piece of regulation for the financial services industry and is applicable to anyone who provides services linked to financial instruments. So, even if you’re a lone IFA, you’re still duty bound to work within the new framework.

As a regulatory beast, it covers everything from pre-trade transparency requirements for organisations that trade in liquid shares to a narrowed list of execution-only products that companies can sell. Amid the mass of detail is a diktat that all communications that intend to lead to a transaction should be captured, recorded and stored in a secure way. This includes conversations over a personal mobile phone and face-to-face meetings.

We all know the saying, when it rains it pours. In March 2018, just as the legislation beds in, GDPR (General Data Protection Regulation) will make an entrance. GDPR promises to add serious muscle to the 1998 Data Protection Act by heavily penalising companies for failing to protect individuals’ data – meaning any recording policies under MiFID II will need to be considered within the context of preventing potential intrusions into privacy.

And herein lies the rub. On the one hand, financial services companies now need to hold more data about customer transactions than ever before, which will increase the likelihood of inadvertently mislaying it or leaking data. On the other hand, they need to be extra vigilant about protecting their customers’ data. With GDPR, they’d probably rather curtail the amount of data they collect, rather than amass more. Unfortunately this isn’t an option.

A rude awakening

Almost six months ago, SmallBusiness.co.uk reported that 82 per cent of companies either haven’t heard of GDPR or don’t understand its impact.

GDPR is on the radar for large businesses but is still an unknown quantity for many smaller firms – even though it applies to the full spectrum of commercial entities, including sole traders working from home.

In fact, the regulation expects all controllers to take a more proactive approach to data protection and privacy and contains many articles that apply equally, no matter the size of organisation.

Big corporate customers may even view smaller firms a higher risk if they’re unable to demonstrate control over data processing. Meaning small companies could be due a rude awakening. And failure to comply means a firm could be fined 4 per cent of its global turnover.

Navigating muddy waters

The overlap between GDPR and MiFID II is a tad muddy. MiFID states the recording should be stored for five years, GDPR is vaguer and simply states that personal data shouldn’t be kept for any longer than needed. Is five years too long for a simple telephone conversation that didn’t lead to a transaction (but might have done)? Where’s the assurance that the legislations dovetail properly, or whether the right hand even knows what the left hand is doing?

In an uncertain environment, a company should strive for absolute security. Avoiding a difficult situation is far better than firefighting one. Given that human error is the most common cause of mishaps, automating the recording and secure storage of data is really the only recourse.

Finding resilience in the cloud

Naturally audio files are very expensive and will eat through storage capacity in no time at all. Using a cloud-based voice recording solution that encrypts data in transit, as well as rest, is therefore very important and will give businesses access to an infrastructure which far exceeds their own, in terms of sophistication and impenetrability.

Finding a viable means of recording business calls on a device, without also capturing personal calls is also a pressing new requirement. The simple act of recording non-work related conversations, let alone listening to them, would infringe GDPR. However, there is now a means of providing a dedicated business number on any iOS or Android mobile number, so business and personal communications can be split.

Using a central repository or vault with access control, real time monitoring and robust service level guarantees is also paramount. This all sounds very intimidating but in reality, all a company needs is access to a cloud based app available from their employees’ smartphones, like Resilient’s.

Business as usual

Despite the solution’s simplicity, you might question whether compliance is necessary given most of the UK public voted for Brexit on 23rd June. Because the government is yet to trigger Article 50 and it will take a further two years to exit the EU, the FCA has confirmed that much of the UK regulation derived from EU legislation will remain applicable until the negotiations are finalised and enacted. Meanwhile, the Information Commissioner’s Officer (ICO) has confirmed that if the UK wishes to trade with the EU single market on equal terms, post Brexit, it will need to prove ‘adequacy’ – in other words UK data protection standards would have to be equivalent to the EU’s GDPR framework.

This means, companies will need to prepare for both pieces of legislation while ensuring nothing falls between the cracks. Telephony is small but a significant piece of the MiFID II regulation. Given that next year will fly by, I suggest making compliance your new year’s resolution.

James Foley is vice president of customer experience at Resilient. 

Further reading on data

  • Are data and analytics skills more important than industry experience?

Tagged: GDPR, MIFID II

Related Topics

GDPR
MIFID II

Leave a comment

You must be logged in to post a comment.

Related Stories

Legal advice

Plastic Packaging Tax – what does it mean for my small business?

From April 2022, businesses will be liable to pay Plastic Packaging Tax. We explore what it is and whether it will affect you

Legal advice

How to obtain a UK patent – a 10-point checklist

Obtaining a patent can be time-consuming and expensive. But a patent can prevent others from using your invention, generate licensing income, encourage investment and even lower your tax bill

Legal advice

Can my employer stop me from setting up a competing business?

What you can and can’t do when setting up in competition against your former employment is often in the fine print of your contract, warns Harper James Solicitors

Legal advice

GDPR three years on: make sure your small business is compliant

Many small businesses think if they just ignore the EU’s GDPR regulations, they will just go away. Lawyer Chris Cook warns SMEs they face crippling fines if they do nothing

Helping you grow your business is our number one priority, if you would like to take your business to the next step just sign up!

sign up now

Related Stories

Legal advice

Plastic Packaging Tax – what does it mean for my small business?

From April 2022, businesses will be liable to pay Plastic Packaging Tax. We explore what it is and whether it will affect you

Legal advice

How to obtain a UK patent – a 10-point checklist

Obtaining a patent can be time-consuming and expensive. But a patent can prevent others from using your invention, generate licensing income, encourage investment and even lower your tax bill

Legal advice

Can my employer stop me from setting up a competing business?

What you can and can’t do when setting up in competition against your former employment is often in the fine print of your contract, warns Harper James Solicitors

Legal advice

How to avoid unfair dismissal claims

Simon Robinson, managing partner of RobinsonRalph, gives an overview of the basics to help you avoid paying any unnecessary compensation and explains the basis for claims of unfair dismissal.

SmallBusiness.co.uk provides advice and useful guides to UK sole traders and small businesses. Our goal is to help owner managers and entrepreneurs to start, run, grow and succeed in business, helping turn your business idea into a profitable business.

The Bonhill Network

  • Bonhill Group plc
  • Information Age
  • InvestmentNews
  • What Investment
  • Growth Business
  • Tax Guide
  • DiversityQ

Further Information

  • Contact Details
  • Privacy Policy
  • Cookie Policy
  • Terms & Conditions
  • Blog
  • About this Website
  • Media Packs
  • Contributor guidelines
  • Small Business Whitepapers

Contact us

  • 0207 7638 6378

Address

  • Bonhill Group plc
  • 29 Clerkenwell Road
  • London
  • EC1M 5RN

A part of the Bonhill Group