Month: November 2019

Brexit
Markets, Regulation, Securities

GDPR post Brexit and the impact on financial services

By Ian Osborne, UK & Ireland VP, Shred-it

October 31st has been and gone. Yet despite the Prime Minister promising to deliver Brexit by this date, the UK remains part of the EU at least until January 31st 2020, following last week’s confirmation of the extension. And even then, it is still not clear exactly what will happen, as MPs are interrogating the deal while preparing for a General Election on 12th December.

Like many industries, financial services have felt the effects of uncertainty surrounding if, how and when the UK will leave the EU. With London the epicentre for financial services in Europe, the wider potential impact is enormous.

The biggest fear amongst the business community has been that global companies will move their operations from the UK to other countries within the Eurozone.  Another cause for concern has been that companies will increasingly pause or divert investment in the UK, leaving Britain’s economy in stagnation.

On a more operational level however, there remain questions around EU regulations and how Brexit will impact financial services businesses from a regulatory perspective.  Take data protection, which was brought to attention last year with the introduction of the EU’s GDPR, and is today a big challenge for the industry.

According to data from the Ponemon Institute in 2017, financial services companies that experienced an information breach suffered a higher cost per capita than any other industry, at £154. Furthermore, data left in insecure locations was the number one source of reported incidents in the finance sector in the UK (PwC for the ICO 2017).

Guidance from the Information Commissioner’s Office has recently confirmed that most of the data protection rules affecting businesses will remain the same post-Brexit. The good news is that financial services companies that comply with GDPR and have no contacts or customers in the EEA (which constitutes EU countries plus Iceland, Norway and Liechtenstein) don’t need to do much more to prepare for data protection after Brexit.

However, organisations that receive personal data from contacts within the EEA must take additional steps to ensure they are fully compliant after Brexit, which may require designating a representative in the EEA.

Brexit aside, there remain questions as to how compliant with GDPR businesses are across the UK, despite it being a year since the legislation was introduced.  Financial services organisations that saw the introduction of GDPR as an opportunity to get their data-house in order and to improve the quality of the personal data they store are certainly reaping the benefits of last year’s GDPR efforts.

To assess the attitude of businesses in general, Shred-it commissioned a survey of 1,439 UK-based SMEs (under 500 employees) which found that 72 per cent of respondents said they were very aware of GDPR.

While this presents positive news, the biggest concern is whether that confidence in GDPR-readiness is justified. Less than half (45 per cent) of the firms who said they were ready to deal with data protection requirements also said they had reviewed their policies recently. Just over a third had contacted their customers to confirm consent to data use, less than a quarter had published a privacy notice, and just over two in 10 had reviewed, deleted or destroyed personal data.

These results suggest that businesses across all sectors – including financial services – need to take a more proactive approach to data protection.

So how can financial services firms ensure they are GDPR compliant?

Keep up to date with privacy laws

First things first. Businesses must stay up to date with privacy laws and understand what action – if any – they need to take to comply – particularly post-Brexit. Clear guidance is provided by the ICO website.

Customer communication has changed

Since the introduction of GDPR in 2018, financial services companies have had to rethink their strategies for communicating with customers. For example, customer e-marketing activities, such as newsletters, now require assessment post-GDPR and businesses must seek permission from customers to store their personal data and contact them with offers and promotions.

Protect your digital data

It’s important to remember that data protection covers both digital information and paper records. For digital data, financial services firms can take simple measures to ensure they are compliant with GDPR, including setting secure usernames, passwords and PINs for all devices, installing anti-virus software and a firewall on hard drives, avoiding posting confidential files on social media platforms, and avoiding opening files or links from an unknown sender.

Don’t forget paper records  

Not everything you collect, store, or handle is digital. When financial forecasts or year-end results are printed for a meeting, when reports or agendas are circulated for a meeting, they are at risk of getting into the wrong hands if they are not handled and disposed of properly and securely. Best practice should include the provision of locked confidential information consoles that are easily accessible, and company-wide policies that encourage a clean desk at night.

Business leaders should also be arranging for the secure destruction of documents after use or after prescribed periods of mandated storage, keeping only digital copies of essential files in an encrypted format.

Educate staff on data protection policy

In an industry that relies on privacy and confidentiality, the reality is that many information breaches happen not because of inferior firewalls or passwords, but because of employee error, negligence, or poor judgement. You may be doing everything you can but one employee, casually dropping a draft financial report into the recycling, can undo everything.

Financial services companies must have a strict policy on how to identify, handle and securely dispose of confidential information, one that is communicated clearly to all employees and updated whenever necessary to avoid a potential breach.

This article was written by Ian Osborne, UK & Ireland VP, Shred-it
R&D tax relief
Corporate Tax, Regulation, Tax

Manufacturers top the R&D tax relief table – is your sector lagging behind?

Manufacturing firms claimed £1.25bn using R&D tax relief in the 2017-18 financial year, more than any other industry sector, a study from R&D tax credit experts, RIFT Research and Development reveals.

Manufacturing firms also made the highest number of claims over the period, at 11,925.

The R&D tax relief scheme is effectively Corporation Tax relief that can reduce a company’s tax bill. R&D specialists RIFT have dissected the latest industry data, which shows which sectors are submitting the most claims, the sectors being awarded the most in successful claims, and those that are bringing home the largest sums financially with just a single claim.

Other major users of R&D tax relief

Professional, Scientific & Technical firms came in second by amount, claiming £1.02bn annually. Behind that sector was Information & Communication (£820m), Wholesale & Retail Trade, Repairs (£235m) and Financial & Insurance firms (£215m). The smallest amounts claimed were from firms in Accommodation & Food (£5m), Real Estate (£10m), and Electricity, Gas, Steam and Air Conditioning (£10m).

Information & Communications rank high on number of claims

Information & Communication firms made 11,635 claims over the period, the second highest behind Manufacturing. Professional, Scientific & Technical firms were also responsible for 9,545 claims. There were only 125 claims for the Electricity, Gas, Steam and Air Conditioning sector, while there were just 215 claims by Real Estate firms. 

Mining & Quarrying dominate high value claims

The Mining & Quarrying sector has by far the largest average claim amount, at £1.16bn. However, despite the extremely high value, there were only 95 claims over the course of the year in that sector.

Other high value sectors per average claim were Financial & Insurance firms (£232,400), while third on the list was Arts, Entertainment & Recreation (£157,900). Once again Accommodation & Food was the smallest sector regarding claims (£21,700), while another comparatively low value sector was Wholesale & Retail Trade, Repairs (£44,000).

Head of RIFT Research and Development Limited, Sarah Collins commented:

“It’s been interesting to see how the dynamics of the research and development landscape have changed, as more and more companies from a wide variety of sectors have started to utilise the scheme.

“Of course, a sector like manufacturing is likely to provide more regular opportunities to further develop the practices being used through R&D and so it’s no surprise that it leads the way for both the total amount claimed and the number of claims. However, when it comes to the value of the claim, it can very much be a case of quality over quantity, with some of the less prolific sectors for overall claims contributing with some of the highest values of R&D tax relief.”

Sector League Table - £ amount claimed
Sector League Table - Number of claims
Ranking League Table - average £ per claim