General Data Protection Regulation (GDPR)

The UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO), has described the GDPR as being “the biggest change to data protection law for a generation”. The EU adopted the GDPR in 2016; however it won’t be fully enforced in the United Kingdom until 25 May 2018.

Although the GDPR introduces new and enhanced requirements for businesses that process personal data, the principles for managing personal data that businesses must adhere to, remain largely unchanged from the regulations it replaces which are the EU Data Protection Directive and the UK Data Protection Act 1998.

Who does the GDPR apply to?

The GDPR applies to all businesses that control or process ‘personal data’ relating to ‘data subjects’ living in the EU. Therefore it applies to Brown Shipley.

‘Personal data’ is defined as “information relating to a natural person or ‘data subject’ that can be used to directly or indirectly identify the person”. This can come in the form of a name, email address, bank details, medical information, photograph etc.

A ‘data subject’ is an individual who is the subject of personal data. For example, Brown Shipley processes personal data about all its clients, making each client a data subject.

Firms must now offer individuals real choice and control over how they use their personal data. If a firm requires explicit consent to process personal data then it must be sought from the individual via a clear statement of intent, without misinterpretation.

Changes that might affect you.

The GDPR aims to provide you with more control over how your personal information can be used. The regulation will achieve this by strengthening the rights you have over your personal data:

1. Right to be informed - The right to be informed encompasses Brown Shipley’s obligation to provide ‘fair processing information’, typically through a privacy notice.

2. Right of Access - Individuals have the right to access their personal data and supplementary information. The right of access allows individuals to be aware of and verify the lawfulness of the processing.

3. Right to Rectification - The GDPR gives individuals the right to have personal data rectified if it is inaccurate or incomplete.

4. Right to Erasure - Also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

5. Right to Restriction of Processing - Individuals may be entitled to limit the purposes for which the controller can process their personal data.

6. Right to Data Portability - Allows individuals to obtain and reuse their personal data for their own purposes across different services.

7. Right to Object - Individuals have the right to object to:

What next?

Please do not hesitate to contact your usual Brown Shipley adviser at any time should you have any questions regarding these changes and how they may impact you.

Mike Hudson
Chief Risk Officer


Non-Independent Research

The information contained in this article is defined as non-independent research because it has not been prepared in accordance with the legal requirements designed to promote the independence of investment research, including any prohibition on dealing ahead of the dissemination of this information.

How to Use this Information

This article contains general information only and is not intended to constitute financial or other professional advice or a recommendation that any recipient of this information should make any particular investment decision. Always consult a suitably qualified financial advisor on any specific financial matter or problem that you have.

Except insofar as liability under any statute cannot be excluded, neither Brown Shipley nor any employee or associate of them accepts any liability (whether arising in contract, tort, negligence or otherwise) for any error or omission in this article or for any resulting loss or damage whether direct, indirect, consequential or otherwise suffered by the recipient of this article.

Investment Risk

Investing in stocks either directly or indirectly carries investment risk. The value of equity based investments may go down as well as up over time due to factors such as, market volatility, interest rates, and general economic conditions.