What do GDPR laws mean for you and your finances?

Marianne Curphey

With all this talk of the new GDPR laws flying around, you would be forgiven for feeling a little confused. We clear up what these regulations will mean for you and your cash.

New rules have come into force which mean companies must be much more open about how they use and collect your data when you bank, shop, browse the internet and sign up for newsletters.

The laws, called GDPR, are the reason you will have received lots of emails last month (May 2018) from companies asking you to confirm your subscription or advising you of a change in their privacy policy.

In the future, a company or website will have to ask your permission to keep your personal details on their database. If you sign up for something new, they will need to be clear about what they hold on you, and whom they share the data with. If you have already signed up in the past, they must reconfirm that you are happy to receive communication from them. If not, they must delete the information that they hold about you.

Early feedback from business suggests that a lot of people have been using the new rules to clear their inboxes of emails and newsletters they no longer find useful. In turn, retailers have been offering incentives, such as discounts and prize draws, to persuade customers to allow them to keep in contact.

Internet search engines such as Google, browsers like Chrome, Safari and Firefox, and email providers such as Gmail and Yahoo, will be serving pop-up ads or sending you messages to give you the opportunity to view, modify or change your privacy settings and agree to their new privacy policies.

 

What are the changes and how do they affect me?

The rules are known as the General Data Protection Regulation (GDPR) and have been brought in under EU rules while the UK is still subject to European law. They came into force on May 25, 2018. Post Brexit, any company which does business with customers within the EU will have to abide by these rules, so they are unlikely to change.

In terms of your online browsers, emails and privacy settings, GDPR is a great opportunity to check how your information is being used and shared, and to change your preferences so that your data is not sold on to third parties. You can do this by altering the settings under your Privacy headings.

Companies have to prove that you actively consented to them staying in touch, and they must have a record of when you agreed. That’s why all the emails require you to sign up again and confirm you wish to continue to receive communications from them.

 

What about financial services companies?

The rules are a bit different if you have a contract or ongoing relationship with a company, for example your bank, insurance company, mortgage provider, or credit card company.

Your bank will probably have written to you explaining the changes, or if you bank online, a message or pop-up will outline the privacy policy.

As your bank or card provider already has a relationship with you, you have already consented to staying in touch. They will most likely write to you with an update to their privacy policy. Alternatively, they may put the new information on their website and alert you with a pop-up message.

Other financial services companies with whom you have a contract, for example your car insurer, might send you updated terms and conditions. They will be allowed to contact you when your insurance is up for renewal. Under the rules, you don’t have to sign up again with them and they are allowed to stay in touch.

 

Will I notice any difference?

You should receive fewer junk emails. Companies that do stay in touch must have expressly asked your permission to do so. You should also find that you are not contacted as frequently by third-party companies that you have never heard of.

The changes are good news for consumers. When you sign up for something new, the company must be clear about what they will do with your data, who they plan to share it with, and how it will be used. You must also be offered the option to have it deleted. GDPR gives power back to the consumer to control how their personal data is used and stored.

In return, the stakes are high for businesses. If a company doesn’t follow the rules or doesn’t report a data breach in the allotted time, they will be fined up to €20 million.

You can ask what data a company holds, and they must provide you with a copy of what is on their database about you. When you no longer want to deal with a company you can ask them to delete all the information they hold about you.

A company must have a more detailed privacy policy which should be clearly flagged on their website. You have the right to correct or have deleted any information held on you which is incorrect.

There are also much tougher sanctions for companies which suffer data breaches – for example when names and details are compromised because of a security breach of the company’s internal databases.

If a company knows or suspects your personal data may have been leaked or stolen, you must be told about this within 72 hours of the breach happening. The company must also notify the Information Commissioner’s Office (ICO) within that time frame.

Overall, GDPR is very good news for consumers, as it gives them power over their personal data and a right to redress. Your personal data is valuable and GDPR restricts the ways in which companies can monetise and exploit it. In addition, you have the satisfaction of presiding over a slimmed-down inbox.