On 25th May 2018, new data protection regulations come into force. By now there surely can be few people in the UK who have not been touched in some way by organisations preparing for the introduction of these new rules. GDPR stands for General Data Protection Regulation, and applies to every company in the world that operates in the European Union and uses personal data. The regulations cover your data and how companies look after it.
Whilst many people have seen GDPR as a great way of ‘cleaning out their in-box’ of unwanted mail, there are more serious and important aspects of the new rules. GDPR replaces the rules established under the Data Protection Act of 1998. Back then, paper was still the main medium of data collection, Facebook and Twitter were still years away from development, and mobile phones were used for actually speaking to people! In the last 20 years, use of data has moved on significantly, and the objective of the new rules is really to bring protection up to speed with the needs of the ‘internet age’.
At Ethical Futures, information is our business. Protecting your data and using it responsibly is important to us and we want to make sure you're clear on what we do with your data.
Under GDPR, companies will have to stick to new rules to make sure customer data is looked after. These rules give you a number of rights. They include the right to see the personal data companies hold about you, the right to ask them to delete this personal data, and the requirement that you give your consent before a firm can do certain things with your data.
At Ethical Futures, the nature and basis of our use of your data is contractual. To be able to advise you – we need to ‘know our client’ – so we ask lots of questions and gather data about your personal and financial circumstances. Indeed, we probably know a lot more about you than most of your friends and family – so we take that responsibility very seriously.
We only share information for the purpose of managing your finances and do not sell data to any third parties. We regularly review our processes for data gathering and recording. We are currently looking at rolling out a ‘secure messaging’ system to improve the security of sensitive communications. When we partner with third parties to deliver our services we also look for the highest standards and are pleased to report that two of our main support services, including the one that holds most of your data, are accredited with the international data management standard ISO 27001.
As mentioned above, we have a contractual basis for data gathering to allow us to do our job. For that reason, clients have not received an email requesting maintenance or additional ‘consent’ – we already have that from you, when you signed our terms of business. The management of ‘marketing’ communications is actually governed by different rules to those under GDPR, but just for your information, we shall clarify our position in that respect. We currently only communicate with you on the basis of contractual terms – i.e. sending you reports or letters about investments or ‘legitimate’ interest, for example newsletters or other notifications that are relevant to our clients’ circumstances, such as notice of events about ethical investment. We do not currently market any third-party services, share information for marketing purposes or market new products to existing clients. If we sought to do so – this could only happen if we had your explicit consent.
We hope that this clarifies matters for you. For further information about our policy, please see our Privacy Statement.