What is Receipt Bank doing for GDPR?

At Receipt Bank we are committed to respecting your privacy and ensuring that your data is secure. 

You may have heard that the EU General Data Protection Regulation ("GDPR"), a new regulation that aims to enhance the privacy rights of EU citizens, comes into force on 25th May 2018With this in mind, we wanted to update you on Receipt Bank's internal compliance programme that ensures we meet the requirements of GDPR - please take a look below for an overview of the key areas. 


Area  How we will comply
 Privacy Policy

We have amended our Privacy Policy to reflect GDPR requirements, such as the inclusion of new sections in relation to our legal basis for processing data and data subject rights.

 Training and policies 

We have implemented a new Data Protection Policy internally and have also rolled out a GDPR training programme across our group companies. 

 Processing Activities and Accountability

We have been working to compile comprehensive documentation about the data that we collect and process, out lawful bases for processing and any potential recipients of that data.

 Data Protection Impact Assessments

We have established a process to ensure that Data Protection Impact Assessments will be undertaken where appropriate in order to identify and mitigate privacy risks. 

 Data Subject Rights

We are introducing new processes to enable us to respond to requests by data subjects to exercise their rights under GDPR, such as requests to access, rectify, erase or port their data.


We have implemented appropriate technical and organisational measures to safeguard the security and integrity of your data. All data is stored with a trusted and accredited third party and is only accessible through encrypted channels. We are ISO 27001 certified and have implemented information security policies internally.


We are ensuring that we adhere to GDPR requirements as to how we capture and record marketing consents.

 Service Providers

We have reviewed our contracts with third party providers that process data on our behalf and are putting in place GDPR-compliant Data Processing Agreements where necessary.

 Data Exports

We will ensure that any transfers or personal data to countries outside the European Economic Area are only made on the basis of the EU Model Clauses, or where other adequate safeguards are in place.

 Breach Notification

We have introduced a new breach notification procedure to ensure that we take appropriate steps, including notifying you and/or appropriate regulatory bodies, should a data breach occur.

 Data Processing Addendum

We have prepared a GDPR-compliant Data Processing Agreement to be used when Receipt Bank acts as a Data Processor of the data that you provide to us as a Data Controller. 


How can I access the Data Processing Agreement?

We have prepared a GDPR-compliant Data Processing Agreement to be used when Receipt Bank acts as a Data Processor of the data that you provide to us as a Data Controller. You can download a .docx copy of this agreement by clicking here, or click here to view and download a .pdf copy.

Once completed, please send a scanned copy of the Agreement to dpa@receipt-bank.com. If you have any queries, feel free to get in touch with our Support Team