Introducing the new data privacy law

2018 will see changes to UK data privacy laws as the General Data Protection Regulation is introduced across Europe on 25 May.

The General Data Protection Regulation (GDPR) will deal with the increase in customer data that is now generated from social media and online activity. Whether that's sharing a tweet or shopping online, the new laws will provide individuals with more transparency and stronger rights regarding personal data.

At M&S Bank we have always taken data privacy very seriously and we believe the introduction of the GDPR is really positive – giving you more control over how organisations use and manage your data.

What does this mean for you?

The GDPR provides you with more transparency regarding your personal data. It strengthens your rights, giving you improved access to your data and the right to review and, in certain circumstances, edit or delete the information that organisations store about you.

Whilst that's good news for consumers, the great news for M&S Bank customers is that you don't need to do anything. We'll keep looking after your data like we always have and if you do want to know more about the data we hold and how we use it, all you need to do is check out our Privacy Notice.

To find out more, read our frequently asked questions.

What does this mean for M&S Bank?

The GDPR won't change the ways we use your personal information.

We'll continue to value the data you share with us, treating it with respect and keeping it secure at all times. We'll continue to contact you appropriately about services that may benefit you, unless you've asked us not to.

So whilst the laws might be changing, our commitment to looking after your data stays the same.

Our new Privacy Notice

We want to make it easier for you to find out how we collect, use and protect your information, so we've updated our Privacy Notice. If you would like to read this, you can view the Privacy Notice here.

More information on the GDPR

To find out more about the GDPR, follow the links below to read the guidelines and information published by the Information Commissioner's Office:

Frequently Asked Questions - the General Data Protection Regulation (GDPR)

What is the GDPR?

The GDPR is a new law coming into force across the European Union (EU). It builds upon existing data protection laws in place in the EU, and is designed to give individuals, such as customers and employees, increased rights and transparency over their personal information by helping them understand how companies, such as M&S Bank, use their data, for example, for lawful purposes in the provision of banking services. The law also gives individuals the ability to exercise their rights such as correcting or accessing their data.

When does the GDPR come into effect?

The GDPR comes into effect on 25 May 2018 in the UK and across the EU and builds upon the existing UK Data Protection Act 1998.

Who is affected by the GDPR?

The GDPR applies to organisations located within the UK and EU which process personal data about individuals. It may also apply to organisations located outside of the EU that process the personal data of EU residents in some instances.

Why is the GDPR being introduced?

With more digital advances and fundamental changes to the ways in which data can be used and shared, the GDPR attempts to modernise the law to cope with developments in information technology. It is intended to bring about openness and transparency between individuals and the organisations that use their data, and to ensure organisations act in an accountable and compliant manner where they process individuals' data. In the UK, Parliament is also in the process of introducing a new law (the UK Data Protection Act 2018), which will sit alongside the GDPR. You may hear people refer to this, but M&S Bank's actions in the UK are intended to cover both the GDPR and the UK Data Protection Act 2018.

Why is an updated Privacy Notice being introduced?

M&S Bank is providing an updated Privacy Notice to provide more specific information to individuals about how we use their data, and their rights in respect of their data. We are issuing standalone Privacy Notices for customers which explain how we collect information about customers, how we use their information and who we can share their information with. Many other organisations will similarly be issuing new and updated privacy notices to their customers over the coming months.

How will the new Privacy Notice affect customers?

The Privacy Notice, which is available now, provides customers with more information about the use of their information and their rights. No action is required from customers.

Where can I view the Privacy Notice?

What is personal data?

Personal data is any information related to a living person (known as a data subject) that can be used directly or indirectly (when combined with other information) to identify the person. It doesn't apply to non-living persons, for example most corporate entities, but may apply to data we process about individuals connected with that corporate entity.

What about Brexit?

The UK government has confirmed that the UK's decision to leave the EU will not affect the commencement of the GDPR for the UK.