Managing my financial journey
Managing my financial journey

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

4.3.4 Data protection

One inevitability of financial services business is that firms will gather a considerable amount of personal data about their customers – much of it relating to their financial status and to the location of their assets (e.g. their bank accounts). The risk is that this could fall into the wrong hands and be misused to the customer’s disadvantage.

The importance of data protection applies widely in economic and social life, and does not just relate to financial services activities – although the potential for financial loss through poor data protection is arguably greatest in the arena of financial services.

Regulations about the way financial services firms are governed by the Data Protection Act 2018. This has replaced the regulatory framework laid down by the Data Protection Act 1988 and it represents the UK’s implementation of the European Union’s General Data Protection Regulation (GDPR).

The guiding data protection principles that apply are that all information held by firms must be used lawfully, fairly and transparently. Additionally the information gathered must be both accurate and limited only to what is necessary. All information must be held securely. The 2018 Act also provides stronger legal protection in respect of sensitive information about such matters as ethnicity, political views, religious opinions, health and sexual orientation.

So what rights do people now have under the 2018 Act?

There is the right to find out what information is held about you. This includes the right to:

  • be informed about how your data is being used
  • access your personal data
  • have incorrect data changed
  • have data erased
  • stop or restrict the processing of data
  • allow the portability of data (e.g. its reuse for other services)
  • object to how your data is used in certain circumstances
  • approve use of your data for profiling activities (e.g. predicting your interests).

If you wish to find what information about you a firm holds you need to contact their Data Protection Officer (DPO). If you are not sure who this is then address your communication to the company secretary. Under normal circumstances the details of the data held must be provided within a month.

If you have a complaint about the information that is being held or about how it is being used the matter should be taken up with the Information Commissioner’s Office (ICO) ( [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] ).

The Information Commissioner has the responsibility for ensuring that the regulations laid down by GDPR and the Data Protection Act 2018 are being applied appropriately.

Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to University-level study, we offer two introductory routes to our qualifications. You could either choose to start with an Access module, or a module which allows you to count your previous learning towards an Open University qualification. Read our guide on Where to take your learning next for more information.

Not ready for formal University study? Then browse over 1000 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus371