FCA rules trump EU data deletion law

An interesting aside to the GDPR coming into force at the end of this month means that Advisers such as myself won’t be expected to delete client information under incoming right to erasure rules, if it is subject to a record-keeping requirement set by the Financial Conduct Authority (FCA).

[If you are unaware of what GDPR stands for, and you are responsible for data keeping, you would be well advised to find out sharpish].

The FCA handbook specifies advisers must keep sufficient client information for the regulator to be able to monitor the firm’s compliance, including all services and transactions undertaken by it.

New rules introduced as part of the European Union’s General Data Protection Regulation (GDPR), which is to be enforced on 25 May, will allow clients to ask for their personal information to be erased.

This has led to some concern among advisers that clients could abuse this rule to weaken the adviser’s position before bringing a claim for compensation.

But the regulators have clarified that UK regulatory rules would come first when requests for file deletion are received.

The FCA points firms in the direction of the Information Commissioner’s Office (ICO), which oversees compliance with these rules, and has issued guidance stating firms can refuse to comply with a request for erasure if this is for the “exercise or defence of legal claims”.

It is understood the right to erasure does not provide an absolute ‘right to be forgotten’.

Instead, the broad principle underpinning it is to enable a person to request the deletion of personal data where there is no compelling reason for this to be kept, for instance for marketing purposes.