Head of Ops, Elise, talks all things GDPR and what it really means for you.

What is GDPR?

The General Data Protection Regulation, more commonly known as the GDPR, will be coming into force on May 25th, replacing its older brother, the Data Protection Act of 1998 📜

The nitty gritty

Since the dawn of time, signing up for products online has meant unwillingly allowing businesses to spam your inbox with random advertisements and marketing emails. Companies have in some cases then sold your data on, without really asking for your consent - think hidden, prefilled consent boxes - to other third parties who use your personal information to further litter your account with pointless promotions.

The GDPR mandates that organisations collect, process and pass on your personal data in a transparent, consenting and secure manner 📝 Companies need to ensure that they only collect and store data necessary for the provision of their service (‘data minimisation’), and that this data can be updated, or deleted if a user so wishes. Last but not least, the data should always be kept safe and processes around data security should be watertight.

What sort of data are we talking about?

GDPR revolves around how your personal data is processed. It splits data into different risk levels: sensitive personal data; personal data; other data.

Personal data relates to any data which enables a person to be directly, or indirectly, identified 🆔 It’s the kind of data you wouldn’t want just anyone getting their hands on, such as :

  • Name
  • Address
  • Phone number
  • Email address
  • IP address
  • Bank account info (account details, transactional data etc)

Many companies processing personal identifiable data will likely need to ask explicit consent from customers during sign-up, for this data to be collected. You can wave goodbye 👋 to the days of pre-ticked boxes in font-size 4 at the bottom of pages, and about time, too.

Plum and GDPR, tell me more...

This week we’ve issued a new Privacy Policy 🔏 to all of our users. This will tell you exactly what data we collect, why it is needed and how it is used. This is public, and you can access it at any time via our website if you ever have any questions around how, or why, Plum uses your data to make you better off.

To throw more goodies into the bag, we’ll be upgrading some of our internal processes to ensure you only have the best technology 🎖️ when it comes to uploading and sending us sensitive identity documentation (think KYC and due diligence). We’ll be introducing a new widget inside the bot, which will enable you to upload a copy of your passport through a secure webview. If only it was that easy to set up a new bank account, cough cough, wink wink.

And finally…

It’s always good to zoom out and look at the broader picture when it comes to why these institutional changes are happening. Along with PSD2, Open Banking, Strong Customer Authentication (SCA) and GDPR, there’s a push from all angles to ensure user data remains the user’s. It should be first and foremost, for the benefit of the user. Sure, it might also have something to do with technological complexity growing so quickly, and thus the demand for security around data sharing. Yet, it’s also about reshaping the way we interact with and value our users: without your data we wouldn’t be doing what we do, and so we’re committed to keep it safe at all times and use it to provide the best possible service we can 💜