Privacy policy and GDPR


Has Starling got an updated privacy policy ready ahead of the EU GDPR coming into force on 25 May? I noticed the current one refers to a £10 admin fee when requesting what information is held about you (section 7.1) but, under the new rules, Subject Access Requests have to be free of charge.


Banking regulations are much tighter than the EU GDPR rules so are NHS etc, the EU rules state about deleting data, banks and doctors have to by law keep that datar, for the NHS that is 8 years, not checked banking rules recently, so apart from changing bits about Subject Access Requests and some other wording, Starling will generally be compliant with most of the regulations already.


Banks, the NHS, etc. all have to comply with GDPR. I’ve had many emails from other banks I do business with regarding my contact preferences.

Under the regulation, you must not keep data for longer than is required. For banks, that may well be 8 years (though I thought it was 6). There are plenty of legal bases that a company may contact an individual without obtaining explicit consent, including contractual or legal reasons.

I was just going through the app tonight and happened upon the privacy policy. Not having read it before, I had a quick look and the £10 fee jumped out at me as I know those fees are being banned. Just wondered if Starling had their updated policy ready :slight_smile:


I’m pretty confident they’ve got the right legal and compliance teams ready for the 25th May :slight_smile: #GDPR


I’m sure they’ll be on the ball but you’d be surprised how unprepared a lot of companies are - only 15% reckon they’ll be fully compliant by 25th!


I noticed that Starling have posted a amended private policy today.


I’ve been getting an absolute raft of emails over the last two weeks concerning GDPR from all of the companies that I regularly deal with, so lots of them are on the ball.

And a funny old thing lol! I’ve just got an email from Starling advising of their updated privacy notice. :stuck_out_tongue_winking_eye:


Yes, but there’s a lot more work to do behind the scenes than most people would imagine. Many companies have been working to achieve compliance for over a year. The majority of companies will be aiming for a defensible position come the 25th and will then continue to evolve their data protection policies and processes.


What timing! :smile:


Yes mate, bizarre! I was just literally typing out that previous post and it popped up :grin:


You want to get the lottery on tonight with powers like that :wink: