General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a piece of legislation that has replaced the Data Protection Act 1998. The GDPR came into place on 25 May 2018 and has enhanced and strengthened individual rights, increased compliance obligations and expanded investigative and enforcement powers for The Information Commissioner’s Office (ICO).

GDPR impacts how companies collect, store and use customers personal data as well as the controls and governance around these activities. The principles of data protection remain broadly similar to the previous legislation but places more focus on organisational accountability. This gives individuals more control around how their personal information is handled, including new rights to help people understand how their data is used and how to manage their data privacy.

Customers will have the right to:

  • object to the processing of personal information any further;
  • ask to transfer a copy of the information held about them to them or another provider;
  • request to have any incorrect information, corrected;
  • request the removal of all data we hold. This right isn’t absolute and only applies in certain circumstances.

Our fair processing notices and terms of business comply with the GDPR. As part of the application process, you’ll be asked to ensure that your client has seen ‘How we use your information’, and they’ve understood how their information will be used.


For full details on GDPR, please visit the Information Commissioner’s Office (ICO) website.