Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
The impact of the General Data Protection Regulation on the banking sector: Data subjects’ rights, conflicts of laws and Brexit
Journal of Data Protection & Privacy,
1
(2),
137-145
(2017)
Abstract
The General Data Protection Regulation (GDPR) will undoubtedly have an impact on how businesses manage compliance in the coming years. The banking and finance sector is not immune. It does however already operate in a heavily regulated environment, because the type of personal data banks receive, while not generally fitting the definition of ‘sensitive personal data’ in the EU, is still highly vulnerable data that could see the data subject becoming a victim of fraud or other financial crime. Between the NIS Directive and the GDPR, what then will be the impact of additional toothy, large-scale regulations requiring databases full of documentation for auditability, transparency and accountability on an industry already (presumably) running a very tight compliance ship? This paper will address: ●● the key changes of the GDPR (and for completeness, the NIS); ●● what happens when these laws conflict with other applicable regulations; ●● other changes in the banking in general, including the end to banking secrecy in light of certain elements of the GDPR around sharing of personal data; and ●● the impact Brexit will have in the context of regulating privacy in a non-GDPR environment.
Keywords: banking; GDPR; banking secrecy; NIS Directive; financial crime
The full article is available to subscribers to the journal.
Author's Biography
Lori Baker Until her recent relocation to Dubai, UAE, Lori Baker was a Senior Associate at Fieldfisher LLP in London, in the Privacy, Security and Information team led by Hazel Grant. Her primary areas of focus over the past 11 years have been in Data Protection and Regulatory Compliance and her strengths are in the areas of global/EU data protection, anti-corruption and ethics, IT and telecoms outsourcing, as well as global telecoms regulation and commercial contract negotiation. Lori has been admitted to the bar in two jurisdictions in the US (Pennsylvania (1998) and New Jersey (2002)), and has been a qualified Solicitor of England and Wales since 2012. Her certifications include ISEB certification in data protection and until April 2016 she held a certification as a Certified Compliance and Ethics Professional – International (CCEP-I) with the Society of Corporate Compliance and Ethics. Lori is now based in Dubai and is continuing her work as a Legal and Compliance professional.
