Data Protection and the GDPR

Invoice financiers are gearing up for the introduction of the GDPR which will introduce significant reforms to data protection law, and are keenly interested in the outcome of discussions which are likely between UK Finance and the Information Commissioner’s Office (“ICO”).

The legislation does not come into force until May 2018, and the government recently published a Bill setting out various ancillary provisions to the text of the GDPR itself.

When the data protection legislation first came into force in 1998 the FDA (as it then was) entered into negotiations with the predecessor of the ICO which led to a helpful concession in relation to the information required to be revealed to sole trader or partnership debtors in relation to undisclosed invoice financing.

It is correct that the requirements of the GDPR are stricter than the existing legislation, particularly in relation to the requirement to notify data subjects of processing information about them. As a result UK Finance has formed a working party which we understand intends to approach the ICO to see to what extent the strict requirements of the legislation can be mitigated to meet the needs of the ABL industry, and in particular in relation to undisclosed invoice financing.