Helping our clients to remain GDPR compliant
Under the General Data Protection Regulations (GDPR) data should only be ‘collected for specified, explicit and legitimate purposes’, and not kept for longer than is absolutely necessary. Data collected should also be, ‘limited to what is necessary in relation to the purposes for which they are processed’.
Whilst the Market Abuse Regulations (MAR) provide a legitimate reason for the collection and storing of certain data about company Insiders, it is important that this data is not kept for longer than is necessary or stored for individuals who are not Insiders.
Data Retention Tool
Insidertrack’s new Data Retention Tool enables our clients to easily identify and delete data that should no longer be held on the system.
Clients can configure the tool to identify where data has been held for a set time period and is now eligible for deletion. It offers clients the flexibility to erase either just an individual’s MAR data or the individual in their entirety, from the system.
The multiple settings give full control over data retention periods, so the system will calculate deletion dates based on client specified settings. For example, clients may choose to delete individuals who have not been on any project lists after three years but retain individuals who have been on Confidential lists for five years.
For MAR data, the standard retention period is of course five years from the date the individual ceases to be an Insider. However, we know that some clients have been requested by the FCA to retain certain data for an extended period or even indefinitely. The tool allows the client to set new retention periods for specific individuals or project lists allowing them to remain compliant with both GDPR (as the data has been re-assessed for its legitimacy) and any FCA requests.
There are instances in which MAR data has been collected for people who have not subsequently become Insiders. These individuals can be highlighted by the tool and the client can assess the requirement to keep the data. It is highly likely that this data will be erased as there is no requirement to store it, unless there is imminent knowledge that the individual is about to become an Insider (e.g. if they are about to become a PDMR).
This new functionality was released in v1.18 of Insidertrack and is available for configuration on client instances now.
If you would like a demonstration of Insidertrack and the new Data Retention Tool please contact Richard Nelson.