Privacy law is changing – what does this mean for you?
As you may be aware, one of the biggest changes to UK data privacy law comes into effect on 25th May. This is when the EU’s General Data Protection Regulation (GDPR for short) comes into force.
EQ Investors (EQ) has always treated the storing, processing and management of personal data with the utmost importance. The upcoming regulatory changes seek only to further enhance the protection of your personal data.
GDPR will give you more control over how your data is used, including how you’re contacted, how you can access your personal data and your rights to have incorrect personal data rectified.
The changes are designed to harmonise data privacy laws for all EU countries and citizens:
- Wider reach
It applies globally to all organisations processing the personal data of EU subjects and to all EU Member State organisations where they are acting as controllers of that personal data, regardless of the location of the data subject.
- Stricter rules on consent
Organisations will be required to evidence that they have a legitimate basis for processing personal data or that you have given your consent.
- Right to access
Significant new rights for you to access your data, including the right to seek compensation and accurate representation.
- Right to be forgotten
You can make a request for erasure verbally or in writing and organisations have one month to respond.
- Data breaches
Personal data breaches must be reported to the data protection supervisory authority within 72 hours of the organisation becoming aware of the breach, and to data subjects ‘without undue delay’ in high-risk situations.
Brexit and GDPR
UK organisations handling personal data will still need to comply with GDPR, regardless of Brexit. GDPR comes into force before the UK leaves the EU, and the government has confirmed that the Regulation will apply, a position that has been stated by the Information Commissioner’s Office (ICO).
What do we do with your data?
At EQ we hold personal data on our systems so that we can provide clients with the services and account management they have requested, and to comply with regulations. We also hold some personal details for non-clients that we use for marketing. These details are always gathered with the explicit consent of the individual, and are securely deleted if this consent is withdrawn.*
Information and guidance on GDPR can also be found on the ICO website.
If you have any questions or concerns about our use of your personal information or wish to request a copy of the personal data we hold about you please contact:
The Data Protection Officer (DPO)
100 Lower Thames Street
* The only exception to this is an email address that stays on our unsubscribe list, as a record of your decision not to receive further emails from us.