Do banks really erase our data at a click of a button, if the age of GDPR comes?
2018.05.03. 08:00 | Hírek |
A magyar verzió itt olvasható.
This is the part 3 of 4-part series of articles. <<< Part 1 <<< Part 2
In the first part of our 4-part series of articles, we discussed in general what changes does GDPR bring in our financial habits and in the second part, we covered specific details about it. So far, we talked about profiling and automated decision making but what’s the deal when we leave the bank or just request to erase our data. Bancard Ltd. expert Gabriella Tóth-Haász responds to the questions of Bankkártya.hu.
Péter Homa, Bankkártya.hu (BKHU): - A few years ago, I closed my account at one of the banks, which had been operating for 17 years or so by then, and two years after I went again to the same bank for a new product and to my greatest surprise all of my previous data was offered by the system. I’m sure those data were not from the residential address archives because unique data were there, such as a private PO box address. I was astonished that after breaking off contact with the bank, my data were stored nonetheless, and what’s more, they were offered at recontracting. Back then I thought it was an infringement, but can it be that the FOIA allowed this till now?
Gabriella Tóth-Haász (H.G.): - FOIA is one of the strictest data protection act in Europe and it included provisions on erasure, however, I’d rather say it wasn’t regulated this way. This one irretrievable erasure and the client’s right to “be forgotten” has not been declared so far. Banks have already been working with depersonalized and anonymized data in test systems, which were derived from old client data, so in most cases they were accessible in some way. This means the banks retained these data and they could reload and use them from some inactive files when needed. Theoretically, from May 25th, 2018 they will not be allowed to do that, if the client breaks off contact with the bank and does not give consent for further data handling. In this case, it will be difficult to find claim for further data handling that enables a bank to handle inactive client data nonetheless (unless provisioned by an act, such as the Accountancy Act), furthermore, an even more interesting case will be the right to data portability, which says that the subject shall have the right to receive the personal data concerning him or her in a “commonly used and machine-readable format” and have the right to transmit those data to another controller. How the bank will accomplish this interests many. Of course, the data can still be stored with a data protection ID for statistical purposes.
BKHU: - And you surely cannot trace a client back from this?
H.G: - The point of the new regulation is to make the client unidentifiable. Regarding the previous example, it will not be possible that a client, who terminated his/her contract years ago and is not the client of the bank, enters the branch and his/her old data is reoffered. He/she must be established in the bank systems as an entirley new client.
BKHU: - Are these complex bank systems, that sometimes consist of several subsystems, really going to be able to do this from May 25th, 2018 as we have been talking about it? Isn’t it a utopia?
H.G: - Banks must have gone through this part of the preparation process. This preparation must have started with mapping the data management processes. This resulted in the establishment of a map that reveals where and at what services are each of the client data managed in the architecture. This was necessary for certain erasure from everywhere, if the data needed to be erased. It is indeed not as simple as that to be able to erase the data from all systems, if that one delete button is pressed.
First, you have to know the number of instances that certain data appears, what is its purpose and on what claims is it handled. It may indeed occur that its data management claim has been withdrawn for one data management purpose in a certain system but in another system the data is still legally handled. It can be determined what data is to be erased and what isn’t based on this data map. What needs to be erased, however, must be erased indeed.