Let's be clear about this: we can help you with some aspects of GDPR compliance, but there is a lot that you need to do that is unrelated to using onkho, or any software for that matter. That being said, we can help you with some very real challenges that you will face. In this post, we highlight specific areas related to GDPR compliance and common-sense information risks where we are working on solutions.
Getting consent from clients
This is the process of asking your clients for permission to collect, store and use their information. To do this you will be able to use our Message Templates to create a single consent message that you can send to all of your existing clients in one go - like a mail or document merge. You can use the same message template for onboarding new clients as well. Create once and re-use as many times as you need.
Giving clients access to information about them that you hold
Your clients have the right to ask you what personal information you hold about them. You can create a standard response using our Message Templates that has all of the personal information you have and then use it every time you receive a request. This will allow you to respond quickly and in a consistent way.
We will also be providing access via our Client Portal which is a secure place that your clients can access across the internet. In addition to seeing what information you hold, they will also be able to update the information and access and submit documents.
Deleting information about clients
Your clients have the right to ask you to delete and forget about them.
When you delete a client, the client disappears from your client list but still exists in our platform. This is to allow you time to change your mind. If we don't hear from you, we will go ahead and delete the client permanently 30 days later.
You can create a standard response using our Message Templates that explains how this delete process will work. This will allow you to respond quickly and in a consistent way.
Reducing the risk of loss or misuse of information
If you were to fall foul of the GDPR you could face a financial fine of up to 4% of your annual fee income. To help reduce the risk of this happening, we're adding some common-sense features to beef up your defences:
Automated email verification for Clients. This will happen as part of the sign up to the Client Portal and will reduce the chances of sending information and documents to the wrong person due to misspelling an email address.
Secure access to documents. Rather than take the risk of sending documents over the internet as email attachments, you will make documents available through the Client Portal instead. In this way, you can avoid the administrative overhead of password-protecting every document and avoid the risks associated with transferring documents across email.
Location-based verification of team logins. We will start tracking where your team members are logging in from and you will be alerted if the location changes. We will not prevent this access as it may be genuine and time-sensitive. However, by being notified you can take action if you think it's suspicious.
Controlled access for the Success Team. From time to time, you may need the Success Team's help and that may mean that we need to look at your Client information. If this is the case, you will temporarily add us to your team and then remove us when we're done. This is the only time that the Success Team or anyone at onkho will actually see your Client information and it's in your control.
Also, please remember that you have unlimited team members on all of our plans, so there is no reason for your team members to share logins. If they're doing this, you should stop it immediately, as it makes it impossible for you to know who has changed a Client's data. This will be very important information if something were to go wrong.
When will everything be available?
We're working on Message Templates and the Client Portal already and will be delivering them in phases. The first phases will be delivered in May to ensure that you have the basic things you need. The remaining phases will come in June.
Security updates (automated email verification for Clients, location-based verification of team logins and controlled access for the onkho Success Team) will come in June.
We've spent a great deal of time trawling through the GDPR and the oodles of public commentary to come up with our plans. We've also got some great ideas in the pipeline which will help further reduce the risks of a fine. Check our blog for the latest updates and announcements.
Emanur is a former management accountant turned Chief Technology Officer. After 20 years working his technology and accounting skills in investment banking he left his role as a CTO at The London Stock Exchange Group to found onkho. Emanur pushes the business' strategy and execution and occasionally opines on what he thinks is interesting.