General Data Protection Regulation (GDPR)

The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

When the GDPR takes effect, it will replace the data protection directive (officially Directive 95/46/EC) of 1995. The regulation was adopted on 27 April 2016. It becomes enforceable from 25 May 2018 after a two-year transition period and, unlike a directive, it does not require national governments to pass any enabling legislation, and is thus directly binding and applicable.

The Regulation contains various articles including “Data protection by Design and by Default” (Article 25), which requires that data protection be designed into the development of business processes for products and services. This means that privacy settings must be set at a high level by default, and that the controller must take technical and procedural measures to make sure that the processing, throughout the whole processing lifecycle, complies with the regulation.

Does Monzo have any thoughts on how this new Regulation will impact their methods of working and the design of their app?

I guess Monzo will just comply :slight_smile: I think you still have control with Monzo. I know contacts being shared is the main cause of concern for most people, but as we know they are working on an update. Just bear with Monzo if you can, I guess :wink:


@tom briefly touched on it in the Annual Report 2017 CEO Letter

In principle, we believe the customer should be in control of their financial data. As such, we will explain what benefit you’ll get from sharing, and we won’t share your personal data with third parties without your explicit consent. We also believe in transparency – if Monzo benefits from a data-sharing deal, we’ll let you know about it upfront. If you don’t give consent, your data will remain private. We welcome new regulation (GDPR and PSD2 in particular) in this area because we believe it puts the customer firmly in control of their personal data.


I don’t think that GDPR is as big an issue for banks as the NIS directive, which specifically targets ‘infrastructure’ companies like banks.

Funnily enough Starling published a blog on this today. Apparently it’s no biggie for modern banks :slight_smile:


This is a super old thread but no idea where to ask this quick question.

So I received the below email from Costa, even though I’ve opted out of promotional emails with them:

Is this a breach of something? I’m not exactly that fussed it just niggled me, especially as they acknowledge in the email that I’ve specifically opted out of emails like the exact one they are sending…
