As the new General Data Protection Regulation (GDPR) comes into effect on 25th May 2018, we are writing generally to confirm our position. We have reviewed our complete process in terms of how we intend to interact with our Broker partners which is outlined below.

We have been actively working since April 2016 to implement the changes required to be ready for GDPR, placing the highest priority to the security of our customers’ assets and information which will continue under GDPR.

Our position on GDPR:

• The bank’s GDPR programme has reviewed its relationship with its intermediaries and standard contract terms. The position is that both the bank and the intermediaries are independent controllers of the personal data they process under their agreements with each other. This reflects the generally accepted view of the relationship between banks and intermediaries/brokers and it is, in fact, as a controller that the bank is registered and regulated by the Information Commissioner’s Office in relation to regulated financial services. This means, that the bank has full responsibility for data protection compliance as regards the personal data under its control.
• The agreements we have in place with our intermediaries do not need amending for compliance with GDPR. The mandatory terms listed in Article 28 of GDPR only apply to controller-to-processer contracts, and not to controller-to-controller contracts. We are however reviewing our contracts in light of the wider changes introduced by the Regulation and will notify all the intermediaries of any proposed variations not linked to Article 28 in due course.

If you have any questions, please in the first instance refer to the ICO’S helpful page on GDPR.