GDPR Bedding In
It has been almost 6 months since the GDPR regime came into effect, and early signs would suggest that the invoice finance industry has adapted well to the new requirements.
As expected there was something of a last-minute rush to ensure compliance, but fears were perhaps eased by helpful comments from the Information Commissioner such as she made on BBC Radio 4’s Today programme on 25 May 2018:
“We are not looking for perfection. We do not have thousands of inspectors going out and checking people’s homework. What we do have are millions of people that have new rights and they can make a complaint against a company to our office”.
Nevertheless the difficult issue of the nature and extent of the obligations of a confidential invoice financier to notify individuals of its processing of information about them remains somewhat unresolved, and this is something which may need to be revisited as and when case law emerges on this difficult subject.
One point which was however overlooked by some invoice financiers is that taking guarantees or other security from individuals necessarily involves the processing of personal information about them, and not all invoice financiers seem to have immediately grasped the fact that steps need to be taken to ensure that Personal Guarantees and other security documentation involving individuals are GDPR compliant.