Preparing for Brexit: data protection and banks
As the banking sector moves further towards a digital era, dealing with and processing personal data is a vital part of modern banking operations. The movement of personal data between locations is a central part of many banks, which allow banks to service their customers’ needs and banking operations. The free flow of data is becoming an everyday part of the operational business for many banks.
Following the UK's exit from the EU, banks located in the EU and the United Kingdom will operate in two separate regulatory and supervisory environments and will no longer enjoy the benefits of the Single Market.
What steps should banks be taking to ensure that they are prepared for the end of the transition period?
The starting point is to examine the flow of personal data. Banks should take stock of personal data it holds so that it can distinguish between data acquired before the end of the Transition Period and after.
Banks need to ask themselves the following questions:
- What kind of data do you receive?
- Where do you get it from?
- Why do you collect it?
- Where do you store it?
- How long do you keep it for?
- What contracts have you got in place for the collection and for the storage of the personal data?
- Who do you transfer this data to?
- If transferring to a third party country, what protective measures and safeguards do you currently have in place?