GDPR introduces a number of regulations which will affect financial advisers, including the right to erasure, meaning an individual can request the deletion of personal data relating to them, and the right to access, meaning an individual can demand information on how their data is being used and a free copy of their personal data.
It also introduces the right to data portability, which means a person must be able to transfer their personal data from one system to another without being prevented by the handler of their data.
Meanwhile explicit consent must be obtained for the collection of data and all the purposes it is used for, while all data breaches must be reported within 72 hours.
VouchedFor has said it is up to advisers to make sure they are handling data which comes through its service in a compliant way, meaning it will not be carrying out this service on their behalf.
A spokesman for VouchedFor said: "We have an appointed data protection officer in place and a clear roadmap of work underway to ensure that we are fully compliant with GDPR well ahead of the deadline.
"As far as consumers are concerned - connecting consumers with advisers is a core part of our service, therefore our GDPR obligations are largely addressed through establishing and recording legitimate interest.
"This also means that advisers are not classed as data processors of VouchedFor, they need to ensure the management of their database - which may contain enquiries from us - is GDPR compliant."
A spokesman for Unbiased said: "Data and data privacy is very important to Unbiased and, like adviser businesses, we are working to ensure that we are compliant with the GDPR regulations ahead of May.
"Enquiries shared between Unbiased and the advisers will fall under GDPR regulation. Both parties need to ensure they share and process data with each other in a GDPR compliant way."
damian.fantato@ft.com
