Financial Times and the General Data
Protection Regulation (GDPR)
The Financial Times takes the privacy of its users seriously. We’ve put together some frequently asked questions to help customers understand more about GDPR and the FT.
Frequently Asked Questions
If you haven't found the answer you're
looking for please contact support.
Users are asked to set their preferences when they register on FT.com. These determine the majority of communication we send. Users can update these preferences at any time here: https://www.ft.com/myft/alerts/.
Services messages are sent to all users and users cannot opt out of these.
The communications we send to readers are split into three categories:
- Top stories & features
- Invites & offers from the FT
- Service messages
Top stories & Features: This category of communication includes personalised special reports, recommended reads and the latest feature announcements.
Invites & offers from the FT: This category of communication includes exclusive personalised event invitations, carefully-curated offers and promotions from the Financial Times.
Service Messages: Service messages are sent to a reader when an important update is relevant to them and will impact their subscription or usage of FT.com.
Within ‘Top stories & Features’ and ‘Invites & offers from the FT’, readers can manage their contact preferences by each channel - email, phone and post, separately. Or they can choose to opt out of all communications, except service messages.
The preferences provided by individuals on an FT Group Subscription supercede policies agreed with the customer organisation or employer.
Readers can review and amend their personal preferences for marketing and communications at https://www.ft.com/myft/alerts/.
The FT and its suppliers host customer data in the EU, US and elsewhere in the world. In all cases, the FT ensures that appropriate access, encryption and security features are in place to protect customer data and information processing facilities. Where customer data is hosted outside the EU, the FT takes steps (such as use of the "standard contractual clauses" approved by the EU for data transfers) to ensure that users’ rights are protected.
Following the recent Schrems II decision, in which the Court of Justice of the European Union ruled the EU/US Privacy Shield invalid, the FT is reviewing its arrangements with US suppliers to ensure adequate protection for personal data, including use of the standard contractual clauses where required.
The FT has formal policies in place to ensure compliance with all relevant legislation including data protection and misuse of computer legislation. All personal data are systematically encrypted to strong industry standards. Our IT compliance team conducts regular security reviews and security technology/processes are audited by a third party twice a year.
In the event that GDPR no longer applies to the UK, the FT will continue to put in place measures that ensure the FT can continue to provide the service in accordance with GDPR.
The FT has deployed a Network Intrusion Detection System (IDS) on internet facing systems and internal systems. A central logging and alerting system is in place for processing security logs and we perform regular vulnerability scans of internal and internet facing systems.