ICAG has over 30 years of experience of working with Chief Data Officers and Heads of Records Management in tier-1 Banks and Financial Institutions in relation to Enterprise Records Management. ICAG’s CEO, Subas Roy is a pioneer in Records Management transformation and regulatory compliance strategy in both North America and Europe.

BEST PRACTICE RECORDS MANAGEMENT GOVERNANCE MODEL

The best practice Records Management Governance and Operating Model needs to include a robust records management lifecycle and all other key associated processes including managing breaches, addressing regulatory concerns e.g., SEC Rule 17a(4), continuous monitoring and reporting, appropriate records retention and disposal.

RECORDS MANAGEMENT IMPACT ASSESSMENT (RMIA*)

ICAG’s proprietary Records Management Impact Assessment enables an organisation to take a quick-step assessment of the existing Records Management practices, gaps and improvements required, key regulatory issues and actions. The RMIA once complete also helps to create a multi-year Records Management programme implementation roadmap. Below is a quick reference guide diagram to RMIA which consists of the key Regulatory regime compliance including SEC rule 17a(4) WORM Compliance, UK ICO, ESMA and EU compliance, CFTC Rule 1.31 compliance.

Get in touch with Subas Roy (subas.roy@icagpartners.com) to discuss further.

Reform of the UK Data Privacy Law will create further requirements of recordkeeping for businesses

Access the Bill here Data Protection and Digital Information (No. 2) Bill – Parliamentary Bills – UK Parliament

The Data Protection and Digital Information (No. 2) Bill has been introduced to Parliament by the Government. This replaces the previous version of the Bill that was introduced last summer and which has now been withdrawn. The purpose of the Bill is to update and simplify the UK data protection framework in order to reduce compliance burdens for businesses, whilst ensuring that the UK’s high data protection standards are retained. The
Government has publicised the Bill as a “common sense led” UK version of GDPR which will “cut down pointless paperwork for businesses and reduce annoying cookie pop-ups”. The reforms will impact all UK businesses. Headline reforms include:

  1. organisations will only need to keep records of personal data processing if their processing activities are likely to pose high risks to the rights and freedoms of data subjects;
  1. creation of a new lawful basis for the processing of personal data where such processing is necessary for a recognised legitimate interest set out in secondary legislation;
  2. addition of non-exhaustive examples of the types of processing that may be necessary for a legitimate interest of the controller, including direct marketing, intra-group transmission that is necessary for internal administrative purposes and processing that is necessary to ensure the security of network and information systems;
  3. improved clarity on when safeguards for solely automated decision-making apply;
  4. broadening the circumstances in which organisations can refuse to answer a data subject access request, so that requests can be refused where they are vexatious or excessive;
  5. clarifying rules on international transfers of personal data, with a focus on data protection outcomes;
  6. making it easier to use personal data for scientific research;
  7. increasing fines for nuisance marketing;
  8. creating a framework for the regulation of UK digital verification services;
  9. facilitating creation and operation of smart data schemes; and
  10. reform of the Information Commissioner’s Office