General Data Protection Regulation (GDPR) | Chelsea Building Society
GENERAL DATA PROTECTION REGULATION
Find out more about the General Data Protection Regulation. Why it’s needed and what it means to you
Do you know how your personal information is being collected, used, stored and shared by the organisations that you’re giving it to?
With ever-changing and improving technologies, data sharing has become something we do every day, and this means data protection is becoming more and more important. This is why new legislation, known as the General Data Protection Regulation (GDPR), is being enforced on the 25th May.
But what exactly does this mean for you as a customer?
What is GDPR and why is it needed?
GDPR is designed to replace and modernise the current Data Protection Act. This new regulation builds on principles already in place and specifically aims to give individuals more control over their personal information and make organisations more accountable for how they collect, use, store and share personal information. Personal information is any information that can be used to identify you either on its own or together with other information for example your name and address.
There are two main reasons why GDPR has been developed.
What does it mean to you?
GDPR aims to protect all the personal information which an organisation collects, uses, stores and shares about you. Personal information is any information that can be used to directly or indirectly identify you as an individual. Previously this was limited to information such as your name, address history, phone number etc., but in a world where technology is developing at a fast pace the regulation has widened what is meant by personal information to include such things as IP addresses and social media profiles.
Whilst organisations including Chelsea Building Society and the Yorkshire Building Society Group (YBSG), of which it is part, have worked hard to make sure they comply with the regulation, as a consumer you don’t have to do anything in particular. You might start seeing subtle changes in how organisation interact with you such as cookie warnings displayed on websites, clearer check boxes when asked to sign up to newsletters and promotions, and more easily accessible information detailing how an organisation collects, uses, stores and shares your personal information.
GDPR also provides the following rights to consumers
The right to be informed
The right of access
The right to rectification
The right to erasure (right to be forgotten)
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision-making and profiling
The right to lodge a complaint with the Information Commissioner’s Office (ICO)
What are we doing?
To comply with the GDPR Chelsea Building Society has carried out the following:- We have made updates to our policies and procedures to align with the stricter requirements of GDPR. We have enhanced our processes to ensure your personal information is kept safe and should a problem occur we can fix it quickly so preventing unnecessary detriment to you.
- We work with a number of carefully selected parties who may process your personal information on our behalf. We have updated contracts with these parties to ensure they take the same level of care handling your personal information.
- We have trained our colleagues so they understand GDPR and can apply the regulation correctly when interacting with you and when handling your personal information.
- We have updated our Fair Processing Notices (also referred to as Privacy Notices) so that you are provided with all necessary information about how we are handling your personal information. These notices can be found in our booklets How we use your personal information and Your Rights and Data Protection and within our application forms.
- We will be updating these between now and 25 May when the GDPR comes in to effect.
- We are appointing a Data Protection Officer to monitor internal compliance, inform and advise on our data protection obligations and act as a contact point for data subjects and the Information Commissioner's Office.