The BBA and Data Protection

The BBA is fully committed to compliance with the requirements of the Data Protection Act 1998 (‘the Act’), which came into force on the 1st March 2000.

The BBA will therefore follow procedures that aim to ensure that all employees, agents, consultants, partners or other servants of the BBA who have access to any personal data held by or on behalf of the Association, are fully aware of and abide by their duties and responsibilities under the Act.

In order to operate efficiently, the British Bankers’ Association has to collect and use information about people with whom it works. These may include individuals within the BBA member organisations, individuals from non-member organisations, current, past and prospective employees, clients and customers, and suppliers. In addition, it may be required by law to collect and use information in order to comply with the requirements of central government.

The BBA regards the lawful and correct treatment of personal information as very important to its successful operations and to maintaining confidence between the Association and those with whom it carries out business.

The Association will ensure that it treats personal information lawfully and correctly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means, and will have appropriate safeguards applied to it to ensure that we comply with the Data Protection Act 1998.

We fully endorse and adhere to the eight principles of Data Protection as set out in the Data Protection Act 1998. These principles state that personal data must be:–

  • processed for limited purposes and not in any other way which would be incompatible with those purposes
  • adequate, relevant and not excessive
  • accurate and kept up to date
  • not kept for longer than necessary
  • processed in line with the data subject·s rights
  • kept secure
  • not transferred to a country which does not have adequate data protection laws
  • fairly and lawfully processed

Our purpose for holding personal data and a general description of the categories of people and organisations to whom we may disclose it are listed in the Data Protection register.

You may inspect this or obtain a copy from the Information Commissioner·s Office. In order to meet the requirements of the principles, we will, through appropriate management and the use of strict criteria and controls:–

  • Observe fully conditions regarding the fair collection and use of personal information;
  • Meet its legal obligations to specify the purpose for which information is used;
  • Collect and process appropriate information and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements;
  • Ensure the quality of information used;
  • Apply strict checks to determine the length of time information is held;
  • Take appropriate technical and organisational security measures to safeguard personal information;
  • Ensure that personal information is not transferred abroad without suitable safeguards;
  • Ensure that the rights of people about whom the information is held can be fully exercised under the Act.

When we collect any personal data from you, we will inform you why we are collecting your data and what we intend to use it for.

We have a responsible marketing policy and do not give details of our customers or related individuals to any other company without the prior consent of the customers.

We may contact customers by mail or e–mail with details of products and services offered by BBA Enterprises, the commercial arm of the BBA. If they do not wish to be marketed in this way they can write to the Data Protection Officer, at BBA, Pinners Hall, 105–108 Old Broad Street, London, EC2N 1EX (quoting their full name and address).

Under the Data Protection Act, any individual may write to the Data Protection Co–Officer at the above address and request a copy of the information which we hold about them.

We reserve the right to charge the maximum fee payable in terms of the Data Protection Act for providing this information. If the details are inaccurate you can ask us to amend them.