Here’s an overview of the legislation that Matt’s referring to -
Although based on this, it sounds like it may not be legally binding for companies whose user’s are in the UK?
When we started drafting this overview, the GDPR was on track to apply in the UK from May 25 2018 and organisations would have to comply with it from that date. The ICO had started to produce a set of guidance on GDPR, and this overview was to be the first substantive part of that. The result of the 23 June 2016 referendum on membership of the EU now means that the Government needs to consider the impact on the GDPR.
However, we still think it will be useful to publish this overview. This is because once implemented in the EU, the GDPR will be relevant for many organisations in the UK – most obviously those operating internationally. The other main reason is that the GDPR has several new features – for example breach notification and data portability. Therefore we thought it would still be useful to familiarise information rights professionals with the GDPR’s main principles and concepts.
Obviously Monzo is planning to expand into the EU though…& this looks like useful guidance on best practice.