General Data Protection Regulation (GDPR) - The things you should know
GDPR is an EU regulation designed to help people better control their personal data. It replaces existing legislation (the Data Protection Act 1998) and aims to ensure that all businesses, such as us, are open and transparent about the personal information that is collected and how it’s used.
Here’s a few of the key highlights, and the changes we’ve made to make things clearer:
It’ll come into force on 25 May 2018. Companies must be compliant otherwise they risk significant fines, up to €20m or 4% of their turnover! GDPR limits how we can use your data, and requires firms to be transparent over what they use it for. In some circumstances we must obtain explicit consent before using your data for certain activities, such as marketing. It enhances your existing rights regarding your personal data and places a greater onus on us to be able to facilitate certain requests, such as Data Subjects Access Requests (DSARs), for which the timelines for responding have been reduced to one month. As a customer you will also have additional rights, which include the ‘Right to Erasure’ (also known as the right to be forgotten) in certain circumstances, and the Right to Data Portability, which will allow you to move your data more easily to another organisation. We have gone through a process of updating our app, so that you are given all this information as you go through your journey with us. This will make it much clearer and more transparent as to how we are using your data and why.
We have also appointed a Data Protection Officer to ensure that we are keeping to the new regulation, so if you have any queries regarding your rights in relation to your personal data, please contact us.