The General Data Protection Regulation (GDPR) is a new, European-wide law that replaces the Data Protection Act 1998 in the UK. It places stricter rules on how organisations handle your personal data. And gives you more control over your information.

GDPR came in to effect on 25 May 2018.

The Data Protection Act had become outdated. The new regulation brings the laws and levels of protection up to date. Some of the key changes are:

• Organisations have to be clearer about what personal information they hold, why they have it and how long they’ll use it for. They must also tell you about your rights. You can see our Privacy Notice at tsb.co.uk/privacy - or ask for a copy in branch
• You’ll have more rights over your data. We have a Data Rights Team who help to guide our business and oversee our use of your information
• You’ll be protected, even if the organisation using your data is based outside the European Union
• The Independent Commissioner’s Office (ICO) has the power to make sure organisations meet the new rules, and can charge any that don’t with big fines
• You’ll still be protected after Brexit. The UK has introduced the Data Protection Act 2018, so the new regulation is here to stay

TSB has a Data Protection Officer to guide the bank, and new training has been given to all our Partners.

The new regulation applies to ‘personal data’. Here’s the full legal definition of what that means:

“Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

So, ‘personal data’ basically means any information relating to you.

All personal information is important. But ‘sensitive data’ gets extra protection. This includes details about your race, political opinions, trade union membership, genetic and biometric data and any criminal offences.

At TSB, we treat all of your information as confidential.

The Information Commissioner’s Office (ICO) is the UK’s independent authority dedicated to upholding information rights. You’ll find lots of useful facts on the ‘Your Information Matters’ section of its website. Just go to www.ico.org.uk

We’d like to let you know about products or services we genuinely think will benefit you. But we can only get in touch if you give us your permission. You can even say how you’d like to hear from us, by email, post, phone or SMS, and you can change your mind at any time.

Bear in mind that, even if you tell us you don’t want to hear about our products and services, we still have to get in touch from time to time to meet our legal and regulatory requirements. For example, if you hold a credit card with us we will write to you to let you know of any changes to our interest rates.

It covers all the EU. However, there are other laws that allow or require organisations to manage your information, even if you don’t give your express permission. For instance, banks must check information to prevent fraud and money laundering and to give certain information to HMRC.

A lot has changed since the Data Protection Act was introduced in the 1990s. Since then, the internet, social media and smartphones have been introduced which the Data Protection Act didn’t legislate for.

Advances in technology mean that the world is a very different place. So the new regulation brings the law and your data protection rights completely up to date. Some of the key changes are:

• Organisations have to be clear about what personal information they hold, why they have it and how long they’ll use it for. They must also tell you about your rights. You can see our Privacy Notice at tsb.co.uk/privacy - or ask for a copy in branch.
• You’ll have more rights over your data. Most organisations won’t charge you for using those rights.
• We have a Data Rights Team to help guide our business and oversee our use of your information.
• You’ll be protected, even if the organisation using your data is based outside the European Union.
• The Independent Commissioner’s Office (ICO) has the power to make sure organisations meet the new rules, and can charge any that don’t with big fines
• You’ll still be protected after Brexit. The UK has introduced the Data Protection Act 2018, so the new regulation is here to stay.

TSB has a Data Protection Officer to guide the bank, and new training has been given to all our Partners.

We use it to do some very important things:

1. Providing products and services in the way you’d expect. This includes:
   • looking after your money
   • making sure we get in touch with you in the way you want
   • telling you about changes to regulations
   • highlighting anything on your account(s) that looks like it might be fraud
2. Improving our products and services.
3. Keeping you up to speed about your products and the services you have with us and how you could get even more out of them.
4. Letting you know about things we genuinely believe will benefit you.

To see our Data Privacy Notice go to tsb.co.uk/privacy - or ask for a copy in branch.

We would be breaking the law and financial regulations if we didn’t communicate with you to tell you certain things. So we use your data to let you know about:

• Changes to regulations and your products and services
• Anything on your account that looks like it might be fraud
• Statements and summaries that help you manage your money

You can’t opt out of these types of messages. But with things like your statements, you can tell us how you’d like them to be sent.

You can change your permissions any time you like through your Internet Banking by clicking "Change details" or at your local branch. You can even ask us to stop sending certain messages altogether.

We’d like to tell you about things we genuinely believe will benefit you. And you can even choose how you would like to receive these messages – by email, post, SMS or phone. If we can’t contact you about things that really make a difference, you might not be getting the best service you can with us.

When it comes to things like the internet, digital and catch-up TV services and social media, we can make marketing relevant because we use the information we already hold on you. If you don’t want us to do this, you can opt out of receiving tailored marketing information. If you do, you may still see TSB advertising, but it just won’t be tailored to you.

Another thing to bear in mind.

If you ask in-branch, over the phone or online about one of our products or services, we may use the data you provide to give you a personal, helpful service.

Bank account data isn’t treated like information held by other companies and services.

Legally, we have to keep your information, even after you close your account. The authorities can ask for it to help in tax avoidance, fraud and anti-terrorism investigations. But don’t worry. We’d never use your data for any other reason if you’ve closed your account with us.

You can get full details about how we use your information by checking our Data Privacy Notice at tsb.co.uk/privacy

Bear in mind that we may have to pass your information to Credit Reference Agencies and Counter Fraud Agencies.

Under both the old Data Protection Act and the new regulation (GDPR) you can submit a Data Subject Access Request. If you’d like to do this just call us, visit your local branch or go to the ‘Your Rights’ section of our Data Privacy Notice at tsb.co.uk/privacy.

Yes, you can change your marketing permissions at any time. Simply log in to your Internet Banking and update your permissions via the “Change details” link and choose either email, post, SMS or over the phone. Or call our contact centre on 03459 758 758 or visit your local branch.

The new regulation (GDPR) doesn’t change the fact that we must carry out credit and fraud checks on all our customers. The Credit Reference Agencies have worked with the Information Commissioner’s Office (ICO) to agree a privacy notice called the Credit Reference Agency Information Notice (CRAIN).

You can find out more at tsb.co.uk/privacy or experian.co.uk/crain

The new regulation (GDPR) sets out some clear rules about what information must be provided in our Data Privacy Notice and how the information should be presented.

To see our Data Privacy Notice, go to tsb.co.uk/privacy - or ask for a copy in branch.