MiFID II & GDPR – How to Solve your Top 5 Digital Record-Keeping Concerns
Will you be ready for MiFID II?
Are you behind on GDPR, because you are focused on MiFID II?
Are you tired of people asking?
Thought so. Especially if you are one of the 64% of firms already lacking confidence that you will make it across the finish line on time.
Here’s another equally troubling question:
Do the digital record-keeping requirements of MiFID II and GDPR conflict?
MiFID II requires you to collect and store vast quantities of client data for many years. GDPR places restrictions on what data can be held, and for how long – and it grants clients the “right to be forgotten”.
Is there conflict?
Put simply: an investor cannot withdraw consent for the retention of suitability data, for example, despite GDPR. GDPR cannot override MiFID II and Anti Money Laundering legislation, which requires certain records to be retained for many years. So talk of a fundamental conflict seems unjustified.
But that’s not all.
If you cannot answer “YES” to all of the following questions, your business remains at risk of non-compliance.
- Can you capture all e-communications? This includes web-chat, and instant messaging – not only email.
- Once recorded, can you separate and retain only those e-communications that result in a trade or order, for MiFID II?
- Can you configure your recording solution to avoid capturing selected data items from the start, or must you record everything?
- Will you be able to access every e-communication record, within the 72 hour GDPR deadline?
- When clients exercise the GDPR “right to be forgotten”, can you delete part of their record, but not all of it, to comply with MiFID II?
If your digital record-keeping system is not robust enough to comply with MiFID II, and flexible enough to satisfy GDPR, Qumram has the answer.
Want to learn how you can record e-communications compliantly, for both MiFID II & GDPR? Visit the resource page.