Privacy & Data Protection by design

Hi, you might want to consider linking to your privacy policy from the app portal also. The introduction of GDPR in the UK will place an enhanced responsibility on data controllers to evidence their privacy notices and to make the content clear, accessible and understood. The policy which sits under the web content seems OK-ish. However, if you’re going to be an app-based bank you’ll need it there in the main user interface too. Just a little thought on future hurdles and privacy law as it emerges under GDPR.

2 Likes

Here’s an overview of the legislation that Matt’s referring to -

https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/

Although based on this, it sounds like it may not be legally binding for companies whose users are in the UK?

When we started drafting this overview, the GDPR was on track to apply in the UK from May 25 2018 and organisations would have to comply with it from that date. The ICO had started to produce a set of guidance on GDPR, and this overview was to be the first substantive part of that. The result of the 23 June 2016 referendum on membership of the EU now means that the Government needs to consider the impact on the GDPR.

However, we still think it will be useful to publish this overview. This is because once implemented in the EU, the GDPR will be relevant for many organisations in the UK – most obviously those operating internationally. The other main reason is that the GDPR has several new features – for example breach notification and data portability. Therefore we thought it would still be useful to familiarise information rights professionals with the GDPR’s main principles and concepts.

Obviously Monzo is planning to expand into the EU though… & this looks like useful guidance on best practice.

1 Like