What’s this new data protection law all about?

And what’s it got to do with U?

You’ve almost certainly read the four letters ‘GDPR’ somewhere recently. It might have been in one of the many emails you’ve received informing you of changes to business’s privacy policies. Maybe you read it in an article about new EU data protection law and what it will mean for UK companies and their customers. Or perhaps you saw it on the news, when your favourite social network found itself in the spotlight for its handling of your personal information…

But if you’re unsure exactly what GDPR is, or how it will affect your relationship with us, you can get the low-down right here. (And we know it’s not the most thrilling topic in the world, so we’ll be super quick — promise!)

1) What is GDPR? — And why should I care about it?

First off, GDPR stands for ‘General Data Protection Regulation’. It might sound like a tongue-twister, but it’s actually the name of some new privacy rules, brought about by the European Union (EU), which determine what organisations are allowed to do with the personal information they hold about you.

There was a regulation for this already in place — called the ‘Data Protection Act 1998’ — but while this may have been a bit easier to say three times fast, the old regulation didn’t provide individuals quite as much protection or control over their personal information as the new regulation will.

Essentially, GDPR is a good thing. It should make you happy.

2) What are the changes and when are they happening?

GDPR comes into effect on 25 May, and it will…

  • Give you more rights and more control over your personal data
  • Make it a bit easier to find out how organisations collect and use your data
  • Give you more choice over what communications you receive (or don’t receive)

3) Hoooold on. What exactly is ‘personal data’?

Personal data = The information that organisations hold about you

Depending on the business and what service they offer you, this could range from basic personal information like your name and date of birth, to contact details such as your email address, postal address or phone number.

Some companies may also collect more obscure information about you that they use to influence their business decisions — for example, a café chain might know how many of their customers prefer lattes to cappuccinos, or whether tea is more popular among men or women.

4) What does this mean for U?

For personal data held at U Account specifically, GDPR will mean two big changes for our account holders:

  1. A more user-friendly Privacy Notice
     Our revamped Privacy Notice has been written in a way that’s a bit more digestible, and clearer about the sorts of personal information we collect, why we collect it, and what we use it for.
  2. An easy way for you to tell us your contact preferences
    You’ll be able to pick what sorts of messages you get from us, by letting us know which topics you want to hear about and how you hear about them, in a new Preference Centre within your account.

All U customers will also benefit from extended rights that GDPR will introduce regarding personal data. These include the right to request access to the information we hold about you, the right to change any info that’s out of date, and the right to ask us to delete your data.

The Information Commissioner Officer (ICO) website gives a good overview of the key changes to data protection law, so you can read more about the specifics there.

5) Some things won’t change…

Just to be super clear:

— We’ll never sell your personal data.
— We’ll always store it safely.
— We’ll be 100% transparent about the info we have and what we’re using it for.