Financial Times and the General Data Protection Regulation (GDPR)

FT Group Subscriptions give an organisation, or a group of users in an organisation, the right to access Financial Times articles on FT.com and via third party services. You can read about how our group subscriptions work on our website or you can contact us for more information.

Our privacy policy explains the data processing practices of the Financial Times and our terms and conditions describe the permitted use of FT content.

The Financial Times takes the privacy of its users seriously. We’ve put together some frequently asked questions to help customers understand more about GDPR and the FT.

The FT is controller of reader data for GDPR purposes, not a processor on behalf of the client. This means that all individual readers are able to enjoy the full benefit of the FT’s services and have control over their own preferences. An individual agrees to the FT’s privacy policy and terms & conditions when he/she registers for an FT.com account. The personal data collected from the use of FT.com is governed by the FT's privacy policy and the FT is the controller of that data.

The FT provides clients with a signup link where readers can register for FT.com access. The FT and/or client can invite readers to register for FT.com via the signup link. The signup link will ask readers to accept the FT.com terms and conditions and privacy policy, as well as state their communication preferences.

The FT asks readers to provide their email address, name, job title and country when registering for FT.com access. The IP address of readers is processed to identify whether a reader belongs to the client organisation and to protect against cyber attacks. For details of other personal data that we collect from readers and how we use it, please see our privacy policy.

The FT commits to comply with its privacy policy and with readers’ stated preferences on marketing and communications. These preferences can be reviewed and amended by individuals at myaccount.ft.com.

The FT and its suppliers host customer data in the EU, US and elsewhere in the world. In all cases, the FT ensures that appropriate access, encryption and security features are in place to protect customer data and information processing facilities. Where customer data is hosted outside the EU, the FT takes steps (such as use of EU model clauses or Privacy Shield) to ensure that users’ rights are protected.

The FT has formal policies in place to ensure compliance with all relevant legislation including data protection and misuse of computer legislation. All personal data are systematically encrypted to strong industry standards. Our IT compliance team conducts regular security reviews and security technology/processes are audited by a third party twice a year.

In the event that GDPR no longer applies to the UK, the FT will continue to put in place measures that ensure the FT can continue to provide the service in accordance with GDPR.

The FT has deployed a Network Intrusion Detection System (IDS) on internet facing systems and internal systems. A central logging and alerting system is in place for processing security logs and we perform regular vulnerability scans of internal and internet facing systems.

If you haven't found the answer you're looking for please contact support.