What does GDPR mean for banks? - Part 1
2018.04.19. 08:00 | News
Countless articles have recently threatened fines of many millions in connection with GDPR, but the main point has gone unaddressed: what will this new regulation actually bring? In keeping with our profile, we asked Bancard Ltd. expert Gabriella Haász-Tóth mainly about the rules concerning banks.
Péter Homa, Bankkártya.hu (BKHU): - An enormous amount of information floods over us concerning the four-letter magic word GDPR, but we usually only hear about the fines. What exactly is this GDPR?
Gabriella Haász-Tóth, Bancard Ltd. (H.G.): - GDPR is the general data protection regulation of the European Union, applying to all Member States from May 25th, 2018, that primarily helps natural persons protect their data. Although it is uniform in the European Union, Hungary is in a special situation in this respect, as the regulation is and has been fairly strict here already. The Hungarian FOIA has already provisioned many rules concerning freedom of information and the right of self-determination of natural persons, so the companies that abided by the law and were operating in accordance with those rules are now trying to pinpoint the items in GDPR that differ and will be stricter.
BKHU: - Narrowing it down to banks, what novelties can be expected regarding the introduction of GDPR?
H.G.: - In regard to banks, this will probably affect profiling and automated decision making most prominently. Banks are a relatively special area for GDPR: while for a webshop profiling means the most accurately targeted offering of products, in the case of banks profiling is not just targeting but also a huge part of risk management. GDPR states that subjects, that is, all those to whom data protection applies, have the right to know what kind of profile the organization, in this case a bank, has made about them. This information must be handed out upon the subject's request; however, as far as we know, there is no consensus on how detailed and deep the information handed out must be.
BKHU: - Can a resolution be expected from lawmakers, professional organizations or even from the state?
H.G.: - The Hungarian Banking Association is dealing with the issue and they are expected to propose a recommendation that details what complies with the legislative intent, that is, that the subjects' right of self-determination and freedom of information is not infringed and banks' interests of risk management are not jeopardized at the same time. These are typically the kinds of rationale that banks are reluctant to reveal, so there must be a trade-off where the rights of subjects are not infringed and banks do not disclose business information or banking secrets that they wouldn't want to or that are prone to abuse.
BKHU: - Profiling has benefits for clients as well. If a client gives consent to controlling all his/her data and does not request a statement, do banks have to act the same way as before and can clients enjoy the same benefits, or will there be changes either way?
H.G.: - There will surely be a change: the regulation states that subjects have the right to request that profiling and automated decision making not be applied to them. Since banks link these to services or business products that cannot be provided without them, in this case they have the right to tell the client they won't provide the given service or product, as it cannot be worked out.
<To be continued>