What is GDPR, and how will it affect you?
The issue of personal data, and more specifically data protection, has become a burning one of late - not least in the wake of the Cambridge Analytica scandal. Merely a matter of weeks ago, it emerged that the data of millions of individuals was harvested from Facebook, and illegally exchanged with the firm, which acts as a political consultant.
Against the backdrop of the controversy is the fast-approaching implementation date of the new General Data Protection Regulation (GDPR). You're most likely aware of it - if not during the course of business, then as a result of your inbox being greeted by a series of emails from various companies requesting that you remain opted in to their database.
But what is GDPR really, and why is the advent of it so significant?
GDPR in a nutshell
Widely described as the 'biggest overhaul of online privacy in the internet era', this new legislation is being brought in to make it a right for all EU citizens to know what data is stored on them, and to have it erased (aka the 'right to be forgotten'). It is also designed to provide extra protection for the individual against irresponsible data use, and in the event of a data breach too. It comes into effect on 25 May, and, despite Brexit, will replace the Data Protection Act 1998, and apply to all UK businesses for the foreseeable future.
In fact, it applies to anyone who is deemed as a 'controller' or 'processor' of personal data associated with an EU resident - even if that entity is not itself based in an EU country. A controller of data can loosely be understood as the organisation responsible for justifying how and why the data is being processed, while the processor is responsible for actually processing or handling the data (in some cases an intermediary or outsourced IT firm).
The onus lies on the controller to ensure that the data is processed lawfully, and while the processor also needs to adhere to a stringent set of rules, it is the controller who bears greater liability should a contravention of the new law, or indeed a data breach, occur. Failure to comply with GDPR on the part of a business could see them face a fine of up to €20 million, or 4 per cent of their global turnover (whichever is higher).
Definition of data and consent
Given the era of its introduction, it's fair to say that the Data Protection Act has become outdated in many respects, and one of these is the very definition of data. Under GDPR, the EU has expanded this to cover all personally-identifiable information - be that demographic, financial, medical or cultural information, or even IP addresses.
In fact, even so-called pseudonymised personal data - whereby artificial identifiers are used as a substitute for actual data - falls under the umbrella of GDPR, depending on how difficult it is to associate these identifiers with the individual in question.
Also underpinning the revolutionary nature of GDPR is the matter of consent. Under GDPR, lawful consent must be an active, affirmative request by the individual, rather than passive acceptance. Most commonly, this relates to marketing email communications, and specifically pre-ticked opt-in boxes. These will no longer be permitted from May, and all organisations will need to keep a record of how and when customers have provided consent. Furthermore, organisations have been asked to refresh old opt-ins, hence you will likely be receiving a lot of emails at present.
GDPR and Lending Works
There are wide-ranging reports about companies either being unaware of GDPR, or failing to take action in order to prepare for it. Given how seriously we take the issue of data protection here at Lending Works, we've kept a close eye on the arrival of GDPR. The legislation actually came into force back in May 2016, albeit there has been an implementation period of two years prior to the laws being applied.
Nevertheless, a combination of the most cutting-edge data protection technologies and systems, coupled with market-leading expertise within our IT department, should give our customers complete peace of mind that their data is safe with us, and certainly would never be used frivolously. As such, the rules pertaining to GDPR are ones we have, in effect, always complied with.
We welcome any measures which safeguard personal information, and very much see GDPR as a significant force for good - not least in recent times, where data has too often been dubiously acquired and unscrupulously used. Here's hoping for a safer online world from 25 May.