Welcome to the Bank of Scotland General Data Protection Regulation (GDPR) information site

The site contains information about the GDPR changes. It includes some considerations when getting your organisation ready for GDPR, as well as providing you with details on where to go for further information.

You can also find details of the changes that Lloyds Banking Group is making for compliance and what this means for your business.

What is GDPR and what’s changing?

The General Data Protection Regulation (GDPR) is an opportunity for every organisation to embrace the changes that give individuals more control and rights over their personal data. Safeguarding the personal data of our customers and colleagues is a priority for Lloyds Banking Group. We welcome the measures introduced through GDPR, and encourage our customers and partners to take action too. The new regulation is receiving a lot of attention. If your business works with personal data, then you need to make sure you are GDPR ready by the time it becomes enforceable on 25th May 2018.

The GDPR is all about giving people greater control over what happens with their personal data and strengthening everyone’s rights. Some of the key changes:

  • Greater control for everyone – your customers and your employees
  • More responsibility and obligations for controllers and processors to protect individuals’ rights
  • Keeping individuals informed and providing clarity about what your organisation is doing with the personal data you collect, hold and use
  • Increased individual rights, including the ‘right to be forgotten’ and the ‘right to restrict’ what is being done with personal data
  • The right to compensation when an individual’s rights are not upheld
  • Mandatory reporting for data breaches
  • Quicker response times and no charges for data subject access requests, as well as providing the data in the requested format
  • Changes to the way in which marketing consent is given – consent must be freely given
  • Greater responsibility on everyone to take personal data seriously

What do I need to consider?

All organisations have legal and regulatory obligations to ensure compliance with existing and any new data privacy legislation. This new EU legislation strengthens individual privacy rights and requires that data privacy forms part of everything we do. Whether you are designing new products, working with customers and/or suppliers or dealing with employees, every organisation has a responsibility to ensure compliance when dealing with personal data. GDPR represents the biggest overhaul of European Data Privacy legislation in 20 years, superseding the EU Member State laws on Data Privacy including the UK’s Data Protection Act 1998. Everyone needs to be working within the new and enhanced framework. For customers & employees, the new regulation requires you to:

  • deliver on their privacy rights
  • protect their personal data
  • be transparent around what you are doing with their personal data

Updated terms and conditions

We wrote to you in May to let you know about some changes to the terms and conditions for some of our products. You can find the updated terms and conditions below. You can use either the product name or the document number to confirm which of your products are changing.

Loan Agreements

Fixed-sum loan agreement

Business loan agreement

Practice equity loan

BACSTEL-IP (Bacs payments and Direct Debits)

BACSTEL-IP Direct Submitters

BACSTEL-IP Indirect Submitters

Pension & Trust Accounts

Your authority to operate account(s) for a Pension Trust/Scheme

Business Debit Cards

Your application for a Business Debit Card

Currency Accounts

Application to open a Currency account – For existing Commercial customers

International Money Mover

Terms and Conditions for International Moneymover – For commercial customers

Where can I find out more?