With the new General Data Protection Regulation (GDPR) coming into force this week, on 25th May, we’ve been working hard to ensure our systems are enhanced ahead of the new rulings, so that you can be confident that our technology will keep you compliant.
Our enhancements have addressed the main areas of GDPR relevant to the functionality of our systems and the way you use them: definition and handling of personal data, the right to be forgotten, recording of clients’ consent, data portability and the right to object. This blog explains how we have updated and improved each of our systems so that you can have complete peace of mind after 25th May.
Both MortgageBrain Classic and MortgageBrain Anywhere have had several improvements and enhancements in light of GDPR.
There is now much greater flexibility and control in client data handling, for example enabling you to choose various options when deleting client records or exporting client data – some of the main GDPR requirements.
As GDPR requires you to justify why you’re keeping client data, our sourcing systems now enable you to find dormant clients in order to delete their data or re-contact them if needed. There is a ‘find dormant clients’ option, which you can select to bring up the clients to review.
The new rules also state that no record can be kept of any client data which has been deleted. Therefore, your deleted clients list will only contain a unique client ID, who deleted the client, when, and why.
A ‘deleted clients’ list can be exported in a CSV file to another location allowing it to be saved as part of the GDPR record keeping process.
Another stipulation of GDPR is to be able to export client data in a common standard format. This is to comply with the ability to provide clients with their data so that they can check and confirm that what is being held is correct.
We have also now made it easy to export this data, with a new export button, which also allows you to save the data to a file which can then be given to the client.
CRM, back office support & compliance systems
The Key, our CRM system, stores a great deal of client data, so there is now additional functionality to ensure you can fulfil your GDPR responsibilities. The enhancements include the ability to record consent, and the right for clients to be forgotten.
There are multiple enhancements to recording consent located in the ‘consent manager,’ as well as the ability to record ‘processing consent.’ Users are also able to record marketing consent via mail, email, phone and text message.
All of the Key’s deletion processes have been reviewed to ensure all personal data is removed to comply with GDPR. We have included a new function, enabling you to select multiple client records to be deleted all in one go. You can also search free text recorded as notes in order to search for, and delete, personal data that isn’t stored in the main client record.
The Key’s data portability features have also been reviewed, so that all necessary personal data is available. Industry-standard formats are now used, and records of activity now kept within the Key.
Finally, we have also reviewed our Fact Find functionality and have ensured that amendment of dependents data is recorded to ensure compliance with GDPR.
Multi-lender mortgage application platform
MTE, our mortgage application system, as with our other products already fulfilled most of the GDPR requirements, with personal data being password protected and encrypted. However, we have made further enhancements ahead of this month’s implementation of the new rules, including the ability to delete applications permanently, export client data as a CSV file and the ability to keep a record of client data exports and deletions. Furthermore, we have introduced a new option to record a free text note when deleting a client.
While our systems enable you to be fully GDPR-compliant, there are still responsibilities which lie with you. These include ensuring your computers are running software which is fully secure, and operating systems supported by providers. Any applications you use should be kept fully up-to-date, as well as protected by strong passwords to ensure security of data you store. We also recommend using screensavers for when you’re away from your computer for added protection.
If you’d still like to read more about GDPR, with the regulations coming into place on 25th May 2018, a presentation on the topic can be found here.