GDPR | General Data Protection Regulation | YBS
Find out more about the General Data Protection Regulation. Why it’s needed and what it means to you.
Do you know how your personal information is being collected, used, stored and shared by the organisations that you’re giving it to?
With ever-changing and improving technologies, data sharing has become something we do every day, and this means data protection is becoming more and more important. This is why new legislation, known as the General Data Protection Regulation (GDPR), was enforced on the 25th May.
But what exactly does this mean for you as a customer?
What is GDPR and why is it needed?
GDPR is designed to replace and modernise the current Data Protection Act. This new regulation builds on principles already in place and specifically aims to give individuals more control over their personal information and make organisations more accountable for how they collect, use, store and share personal information. Personal information is any information that can be used to identify you, either on its own or together with other information, for example your name and address.
There are two main reasons why GDPR has been developed.
GDPR identifies a number of safeguards which organisations have to put in place to protect personal information, and gives you enhanced and new rights regarding how your personal information is collected, used, stored and shared.
For anyone who is questioning how EU law like GDPR operates post-Brexit, it was announced last year that a new Data Protection Bill will in effect implement the GDPR and will reiterate the UK’s commitment to the privacy principles enshrined in the EU regulation. The Bill will result in a new Data Protection Act replacing the 1998 Act. As and when the UK leaves the EU, the new Data Protection Act will replace the GDPR.
What does it mean to you?
GDPR aims to protect all the personal information which an organisation collects, uses, stores and shares about you. Personal information is any information that can be used to directly or indirectly identify you as an individual. Previously this was limited to information such as your name, address history, phone number etc., but in a world where technology is developing at a fast pace the regulation has widened what is meant by personal information to include such things as IP addresses and social media profiles.
Whilst organisations including Yorkshire Building Society and its Group (YBSG) are working hard to make sure they comply with the regulation, as a consumer you don’t have to do anything in particular. You might start seeing subtle changes in how organisations interact with you, such as cookie warnings displayed on websites, clearer check boxes when asked to sign up to newsletters and promotions, and more easily accessible information detailing how an organisation collects, uses, stores and shares your personal information.
GDPR also provides the following rights to consumers
What are we doing?
To comply with the GDPR, YBSG has carried out the following:
We have made updates to our policies and procedures to align with the stricter requirements of GDPR. We have enhanced our processes to ensure your personal information is kept safe and so that, should a problem occur, we can fix it quickly, therefore preventing unnecessary detriment to you.
We work with a number of carefully selected parties who may process your personal information on our behalf. We have updated the contracts with these parties to ensure they take the same level of care handling your personal information.
We have trained our colleagues so they understand GDPR and can apply the regulation correctly when interacting with you and when handling your personal information.
We have updated our Fair Processing Notices (also referred to as Privacy Notices) so that you are provided with all necessary information about how we are handling your personal information. These notices can be found in our booklets How We Use Your Personal Information and Your Rights and Data Protection and within our application forms.
We are appointing a Data Protection Officer to monitor internal compliance, inform and advise on our data protection obligations and act as a contact point for data subjects and the Information Commissioner's Office.