The impact of the General Data Protection Regulation on the banking sector: Data subjects’ rights, conflicts of laws and Brexit

Click the button below to download the full text of the article.

Abstract: The General Data Protection Regulation (GDPR) will undoubtedly have an impact on how businesses manage compliance in the coming years. The banking and finance sector is not immune. It does however already operate in a heavily regulated environment, because the type of personal data banks receive, while not generally fitting the definition of ‘sensitive personal data’ in the EU, is still highly vulnerable data that could see the data subject becoming a victim of fraud or other financial crime. Between the NIS Directive and the GDPR, what then will be the impact of additional toothy, large-scale regulations requiring databases full of documentation for auditability, transparency and accountability on an industry already (presumably) running a very tight compliance ship? 

This paper addresses:
● the key changes of the GDPR (and for completeness, the NIS);
● what happens when these laws conflict with other applicable regulations;
● other changes in the banking in general, including the end to banking secrecy in light of certain elements of the GDPR around sharing of personal data; and
● the impact Brexit will have in the context of regulating privacy in a non-GDPR environment.

Keywords: banking, GDPR, banking secrecy, NIS Directive, financial crime

Lori Baker: Until her recent relocation to Dubai, UAE, Lori Baker was a Senior Associate at Fieldfisher LLP in London, in the Privacy, Security and Information team led by Hazel Grant. Her primary areas of focus over the past 11 years have been in Data Protection and Regulatory Compliance and her strengths are in the areas of global/EU data protection, anti-corruption and ethics, IT and telecoms outsourcing, as well as global telecoms regulation and commercial contract negotiation.