FCA found to have breached GDPR rules - reports

investmentweek.co.uk:

The policy was signed off in 2016 by the office of then CEO and current governor of the Bank of England, Andrew Bailey.

The policy is believed to have been signed off by the office of then CEO Andrew Bailey, who is currently governor of the Bank of England, and has been used to keep track of employees considered to be a «nuisance», according to a report by The Times.

The ICO concluded last month that the FCA had «infringed their data protection obligations», after a former employee complained about the policy to the data protection regulator.

'No intention' of retrospective action in FCA's proposed non-financial misconduct rules

Emails from certain individuals were diverted from reaching their recipients, including more confidential lines of business such as whistleblowing and independent reviews, and were intercepted by a designated employee within the FCA.

The individual had to choose whether to forward the correspondence to the intended recipient or not.

The policy was set up in 2016 and now the regulator is facing calls to compensate those impacted by its breach of data protection rules.

The employee who sent the complaint told The Times the policy «compromised the integrity of the FCA's confidential channels» while leaving people's personal and confidential data exposed. The individual added they had warned the FCA several times about the illegality of the policy.

The policy was also widened to go beyond employees and include «vocal members of the public», the employee said. «It was a way of tracking reputational risk by monitoring people who raised concerns and were considered a nuisance.»

FCA urges firms offering high-risk investments to retail investors to review promotion practices

The individual added the