DATA

PROTECTION

“I think there is no doubt that data protection is crucial for our citizens as personal data protection is a fundamental right in the EU. But it is also crucial for our business as data protection is a gateway issue for trust in the digital economy.”

“The EBF believes the new EU privacy regulation presents an opportunity for banks to build even stronger customer relationships, based at its core on trust. Clients in the banking sector have for long entrusted banks with their data. The sector is committed in making sure that client data is protected.”

“Companies doing business in Europe will benefit from the GDPR as it provides legal certainty and makes it easier to operate across the internal market. In addition, being compliant with the GDPR will contribute to the good reputation of companies. In our data-driven economy a reputation can be destroyed within a few days if people loose trust in whether a company handles their data carefully.”

The ever-increasing possibilities on data storage and use are revolutionising the way customers are served and businesses operate. Consumers expect banks to be able to deal with financial data in a highly confidential and trustworthy manner, as this has traditionally been the case.

There are challenges which may arise from the misuse of data, information asymmetries and data security. Such concerns are taken seriously by the banking industry, as trust and integrity are its biggest assets. Confidence in banks as trusted parties is essential for their reputation and business model, a fact which adds to the efforts and investments put into maintaining and improving set-ups ensuring the safety of customer data.

The benefits of digitalisation can only be reaped if each and every stakeholder adheres to the same high standard, and if the financial services’ industry can apply data-based innovation in a clear regulatory environment that is the same for all players.

General Data Protection Regulation

As of 25 May 2018, the General Data Protection Regulation (GDPR) has entered into force. The GDPR aims at giving data subjects in Europe greater control over their personal data and ensure the free movement of these data in the European internal market.

The EBF believes the new EU privacy regulation presents an opportunity for banks to build even stronger customer relationships, based at its core on trust. Clients in the banking sector have for long entrusted banks with their data. The sector is committed in making sure that client data is protected.

Implementing successfully the GDPR remains a key priority for the industry, in particular for the banking sector. Consumer data has been indeed at the heart of the banking business model for a long time and affects every level of banking activity (payments, retail and investment banking, insurance, cloud computing, cybersecurity, blockchain, fraud and anti-money laundering prevention, creditworthiness assessment, automated advice, social affairs, etc.).

Source: European Commission

Member of the European Commission Multistakeholder expert group to support the application of the GDPR

As a member of the European Commission’s Multistakeholder Expert Group to support the application of the GDPR, the EBF is committed in providing input to and working closely with the Commission and other relevant stakeholders at EU and national level to ensure the smooth application of the GDPR in the banking sector.

As European Banking Federation (EBF) we believe that the General Data Protection Regulation (GDPR) is a key element for the creation of the European Union’s Digital Single Market, contributing to align data protection requirements across the EU.

Source: European Commission

Other resources

ePrivacy Regulation:

The EBF strongly believes we need a simple and technology-neutral regulation which will in turn provide strong and future-proof protections to consumers.

Please see the join-industry letters co-signed by the EBF here and here.

Cross-border data flows:

When personal data is transferred outside the European Economic Area, special safeguards are foreseen to ensure that the protection travels with the data.

Please see more details here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/rules-international-transfers-personal-data_en.

The EU should also ensure that trade agreements include protections against data flow restrictions and against requirements to locate data centres and computing facilities in-country as a condition of doing business.

Please see the joint-industry letter on the European Commission Proposal on Data Flows in trade agreements

European Data Protection Board:

The European Data Protection Board (EDPB) is an independent European body composed of representatives of the national data protection authorities and the European Data Protection Supervisor (EDPS). It contributes to the consistent application of data protection rules throughout the European Union. Please see the EDPB website. https://edpb.europa.eu/edpb_en

EBF Positions
All/Article 29 WP/WP29