Meet GDPR 👋🏻
The General Data Protection Regulation is a new, European-wide law that replaces the Data Protection Act 1998 in the UK. It provides individuals with new rights in relation to how your personal data is collected, used and stored and provides new rules for organisations on how to handle personal data.
📆 Save the date! GDPR comes into effect on 25 May 2018.
So what does Personal Data actually mean? 🤔
Personal data means data which relates to a living individual, that can be used to identify that specific individual, including any expression of opinion about the individual.
Without any of the legal jargon, personal information essentially refers to things like your:
|Email address||IP address||Location data|
Any data that has been anonymised or aggregated will not constitute personal data.
GDPR classifies two different types of personal data. There is personal data (the type of data shown above) and sensitive personal data, which includes things like:
|Religious beliefs||Political views||Sexual orientation|
|Health data||Biometric data||Genetic data|
What makes sensitive personal data special, is the fact that it requires businesses to obtain explicit consent from the customer, or in other words, customers have to actively ‘opt-in’ to share their personal data. Gone are the days of the pre-ticked box for obtaining consent, finally. 💪
And in case you're wondering, Revolut does not hold any of its customers’ ‘sensitive personal data’ for the purposes of GDPR.
Ok, but why is this a big deal? 🤷♂️
In this section, we'll talk about individuals and companies separately.
GDPR aims to give power back to you and let you have more control over your data. GDPR gives you some new rights and builds on some old rights in relation to your data, such as:
Right to erasure - also known as the ‘right to be forgotten’. The GDPR introduces a right for individuals to have personal data erased. The devil is in the details though, as this right is not absolute and only applies in certain circumstances.
Right to data portability - The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
Taking the legal jargon out again, this right is like a 'U-Switch' for your data. It allows you to instruct a company to take all your data and send it elsewhere, for example when you switch phone networks without changing your number.
Right to be informed - Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR. And in case you haven't already read them, part of all these emails you’ve been receiving about your data from various companies is in relation to this right.
GDPR introduces a duty on companies to appoint a Data Protection Officer (DPO). The DPO has a number of important responsibilities including:
- monitoring compliance with the GDPR and other data protection laws;
- raising awareness of data protection issues, training staff and conducting internal audits; and
- cooperating with supervisory authorities such as the ICO on the company's behalf.
The GDPR means that all organisations now have to report certain types of personal data breaches to the relevant authority. Once a company becomes aware of a breach, they've got a responsibility to report it within 72 hours. If it looks like that breach will adversely affect individuals’ rights and freedoms (for example a person could be in danger of identity theft), the company also has to inform those affected as soon as possible, otherwise they could find themselves in some serious hot water, both by the regulator and their own customer base!
And now for the juicy part - being in serious breach of GDPR can result in a fine of up to 20 million euros or 4 percent of your global turnover. 😲
What is Revolut doing about GDPR? 🚀
We’re trying to be as transparent as possible as we know how much you value your data. By allowing us to use it, we can create a more bespoke offering for you, which will hopefully allow you to get even more value from the Revolut services.
There will be a new privacy section in the Revolut App, accessed via the profile section. Here you will be able to opt in or out of marketing emails and marketing pushes whenever you want.
So that we’re clear Revolut promises you that we will:
✅ Always keep your data safe and private.
✅ Never sell your data.
✅ Allow you to manage and review your marketing choices at any time.
Join Revolut for Free
Over 1.5M people have used Revolut to set up a current account in 60 seconds, spend and send money fee-free globally using the real exchange rate, and hold and exchange 25 currencies.