You might have noticed the term “GDPR” floating around recently. We’d like to fill you in on how the new General Data Protection Regulation coming out of Europe will affect you, what GDPR means for your website, and what we’re doing to accommodate these changes. Read on to learn more.

What is GDPR?

After several years of deliberation about protecting data privacy, the European Union Parliament passed the General Data Protection Regulation in 2016 and made the regulations enforceable as of May 25, 2018. This new set of rules is meant to allow Europeans to exercise greater control over how their personal data is used, and provide a streamlined set of standards so residents and companies across all European nations can benefit from the digital economy.

Who is impacted?

These rules apply to businesses inside the EU, and any organizations outside the EU that offer goods or services to those in the EU. The GDPR guidelines are quite technical, and many of the details are still being debated. However, we take the view that financial advisors registered to provide financial advisory services in the U.S. and who serve U.S. clients (in other words, the vast majority of FMG Suite subscribers) are not likely impacted by the GDPR at this time.

What if I don’t want to do business with anyone in the EU?

When we release universal SSL later this year, we plan to offer an option that will allow you to block traffic to your website from the EU. This option, in addition to removing all EU residents from your contact lists, could allow you to avoid GDPR compliance entirely. Numerous prominent US news sources have taken this approach, including the Los Angeles Times, the Chicago Tribune, the Orlando Sentinel and many others.

What if I want to be GDPR compliant?

Because we agree with the spirit of the GDPR, we are taking proportionate steps to make it easier for you to address the Regulation when using our software. Under the GDPR, EU citizens have new rights to their personal data. As an advisor, you can choose to help your clients and prospects exercise those rights. To be GDPR compliant, you should:

  1. Get consent if you are going to store cookies that track your clients
  2. Obtain informed, explicit consent before collecting data from your clients and prospects
  3. Implement best practices to securely handle any data you collect
  4. Provide a copy of data you’ve collected if clients ask for it
  5. Delete data you’ve collected if a client asks you to
  6. Update a client’s data if the client asks you to

How can FMG Suite’s platform help you meet GDPR requirements?

  1. Get consent if you are going to store cookies that track your clients
    Our platform does not use cookies to track customers, and all of our forms and popups conform to GDPR requirements. Additionally, we have configured our Google Analytics to implement IP masking, and we suggest you do the same. Unless you’ve added third-party tools to your site that store cookies or request data, you’re in good shape. If you do add such tools, you may need to implement a cookie notice on your site; work with the providers of those tools directly on GDPR compliance. Our updated terms (coming soon) will make it clear that we are not responsible for third-party tools.
  2. Obtain informed, explicit consent before collecting data from your clients and prospects
    All of the forms we provide for use on your website are explicit about the data they are collecting and require positive opt-in where appropriate. If you use third-party forms on your website, you will need to make sure you are clear about the reason you are requesting information and avoid pre-ticked checkboxes or other methods of consent by default. Additionally, if you send campaigns like Monthly Market Insights or Holiday Greetings to all of your contacts instead of to a specific group, to be GDPR compliant you should create a group of U.S. residents and use this group for your ongoing client communications.
  3. Implement industry best practices to securely handle any data you collect
    We already use SSL for forms on your website, and we encrypt that data and store it in a secure data center. In the coming months, we will roll out the ability to turn SSL on for your entire website at no additional cost to you.
  4. Provide a copy of the data collected if clients ask for it
    The data our platform collects on your clients and prospects is tied to email activity. Every time you send an email, we record open rates and click-through stats. Under GDPR, you would need to provide that data to clients upon request. We have made this process easy. On the contacts screen, each contact has a view history link; from there, you can download a .csv file of a contact’s activity and email it to them directly.
  5. Delete data you’ve collected if a client asks
    If a client asks you to delete their data, simply call our service team and they will take care of this for you. In the future, we will add an option on every contact to “clear history” so you can delete their data yourself.
  6. Update a client’s data if the client asks you to
    Our platform stores client and prospect data in your contact management system. If a client requests a change to that data, you can edit it directly in the system as long as you aren’t synced with a CRM. If your contacts are synced, then you will need to change the data directly in your CRM for it to update in our platform.

What happens next?

Data protection is an issue that’s important to us, and we plan to implement continuous improvements in the coming months. Our terms and conditions will be updated soon to reflect our commitment to data protection and privacy. It’s important for you to know that FMG Suite products are not designed to be used to market to Europeans, nor to communicate with European clients. While we believe our platform and products currently meet the spirit of the GDPR, we plan to make changes to make full compliance even easier for you.

Where can you get more information?

  • Michael Kitces published a thorough blog on GDPR for advisors
  • Your broker-dealer can likely provide additional guidance