Financial Times and the General Data Protection Regulation (GDPR)

FT Group Subscriptions give an organisation, or a group of users in an organisation, the right to access Financial Times articles on FT.com and via third party services. You can read about how our group subscriptions work on our website or you can contact us for more information.

Our privacy policy explains the data processing practices of the Financial Times and our terms and conditions describe the permitted use of FT content.

The Financial Times takes the privacy of its users seriously. We’ve put together some frequently asked questions to help customers understand more about GDPR and the FT.

The FT is controller of reader data for GDPR purposes, not a processor on behalf of the client. This means that all individual readers are able to enjoy the full benefit of the FT’s services and have control over their own preferences. An individual agrees to the FT’s privacy policy and terms & conditions when he/she registers for an FT.com account. The personal data collected from the use of FT.com is governed by the FT's privacy policy and the FT is the controller of that data.

The FT provides clients with a signup link where readers can register for FT.com access. The FT and/or client can invite readers to register for FT.com via the signup link. The signup link will ask readers to accept the FT.com terms and conditions and privacy policy, as well as state their communication preferences.

The FT asks readers to provide their email address, name, job title and country when registering for FT.com access. The IP address of readers is processed to identify whether a reader belongs to the client organisation and to protect against cyber attacks. For details of other personal data that we collect from readers and how we use it, please see our privacy policy.

Users are asked to set their preferences when they register on FT.com. These determine the majority of communication we send. Users can update these preferences at any time here: https://www.ft.com/myft/alerts/.

Services messages are sent to all users and users cannot opt out of these.

The FT commits to comply with its privacy policy and with readers’ stated preferences on marketing and communications. These can be updated at any time by going to https://www.ft.com/myft/alerts/.

The communications we send to readers are split into three categories:

  • Top stories & features
  • Invites & offers from the FT
  • Service messages

Top stories & Features: This category of communication includes personalised special reports, recommended reads and the latest feature announcements.

Invites & offers from the FT: This category of communication includes exclusive personalised event invitations, carefully-curated offers and promotions from the Financial Times.

Service Messages: Service messages are sent to a reader when an important update is relevant to them and will impact their subscription or usage of FT.com.
Within ‘Top stories & Features’ and ‘Invites & offers from the FT’, readers can manage their contact preferences by each channel - email, phone and post, separately. Or they can choose to opt out of all communications, except service messages.

The preferences provided by individuals on an FT Group Subscription supercede policies agreed with the customer organisation or employer.

Readers can review and amend their personal preferences for marketing and communications at https://www.ft.com/myft/alerts/.

The FT and its suppliers host customer data in the EU, US and elsewhere in the world. In all cases, the FT ensures that appropriate access, encryption and security features are in place to protect customer data and information processing facilities. Where customer data is hosted outside the EU, the FT takes steps (such as use of EU model clauses or Privacy Shield) to ensure that users’ rights are protected.

The FT has formal policies in place to ensure compliance with all relevant legislation including data protection and misuse of computer legislation. All personal data are systematically encrypted to strong industry standards. Our IT compliance team conducts regular security reviews and security technology/processes are audited by a third party twice a year.

In the event that GDPR no longer applies to the UK, the FT will continue to put in place measures that ensure the FT can continue to provide the service in accordance with GDPR.

The FT has deployed a Network Intrusion Detection System (IDS) on internet facing systems and internal systems. A central logging and alerting system is in place for processing security logs and we perform regular vulnerability scans of internal and internet facing systems.

If you haven't found the answer you're looking for please contact support.