
How this small(ish) IFA firm keeps its clients' data secure

30 May 2018

The GDPR is pushing data protection to the front of the agenda for many firms. Here are some questions you may wish to ask of your business...


Advisers can bring additional value to clients by helping ensure the security of their data.

We have yet to see any high profile breaches of client data hitting adviser firms. But with data protection, data breaches and concerns about data misuse hitting the headlines, how should advisers position themselves?

It is something we have been considering for some time at Nexus. Among other things, we believe that advisers should be aiming for the highest standards of data protection and data management – and we believe that would still apply even without the General Data Protection Regulation (GDPR).

Of course, the GDPR provides a useful framework, but firms need to look at the broader context too. Below we set out the key questions and, where we have them, the answers we have been using to inform our strategy.

How should advisers be positioned for GDPR?

The GDPR is any adviser’s biggest immediate data challenge. We have reviewed our own data systems and are in the process of updating our communications with clients, consulting with them on how we can use their data.

Given that we do not bombard them with email marketing, it is proving reasonably straightforward. The hardest part of the GDPR will prove to be managing data between firms: how we share data with platforms, pension providers, insurers and back-office software providers.

Adviser firms should not simply take any changes on trust; data use should now be a factor in any recommendation process. Our goal, ultimately (say six months into the GDPR process), is to position ourselves at the centre of things, rating our partner firms’ data processes alongside their fund performance and service standards.

How secure are client email communications?

We have been testing a secure email and password system, Beyond Encryption, which gives an increased level of protection to our communications.

One of the biggest challenges has been convincing clients to embrace the system. But after a few months of persuasion we have everyone on board. It also demonstrates to new clients how serious we are about data security.

What about data breaches?

Advisers can’t protect clients against everything. If a client’s bank account is hacked as part of a more general breach, there is not a huge amount an adviser can do in terms of prevention.

However, we should be prepared to help with advice on any kind of breach, including how to complain and seek compensation, and what clients can do to make passwords secure. Be proactive and help clients establish good data habits.

What about the furore on social media?

It is clear that Facebook has not been following the highest standards when it comes to client data.

No-one is an island, so it is something we have been giving a lot of thought to. We use a range of social media, but where possible have decided to restrict how our data can be used unless there is a clear benefit. We will be suggesting the same approach to our clients.

Although concerns about micro-targeting are largely confined to the political arena so far, we are maintaining a watching brief. We are not going to tell clients to come off Facebook or Twitter but will suggest they understand just how much data is being held.

What about artificial intelligence (AI)?

We are a reasonably small firm, so there are limits to how much we can get under the bonnet of AI.

We know that many financial services businesses are embracing this. We can see how understanding the customer and the client could be a boon – reducing costs and providing a better, more appropriate service. But we also have concerns about its potential abuse.

We hope the GDPR deals with many of these matters. But at the very least, we want to see policies from financial firms that clearly outline how AI will be used fairly and in clients’ interest. Advisers may be able to play a role in keeping firms on their toes.

Kerry Nelson is managing director of Nexus Independent Financial Advisers