You have total control of your data
From all sides you are currently submerged with GDPR related messages. The new European Data Protection Regulation will enter into force everywhere on 25 May 2018. Everywhere, which means at your bank too. The key points of this legislation are: an enhanced security, a broadened scope and the right to be forgotten.
You cannot avoid it these days, GDPR is everywhere. It is the one acronym you are bound to have heard or seen on any screen. And still, the issue is not new. The old legislation already dates back from 1995 and had to be revised to be able to deal with the current volumes and uses of personal data. That is exactly why you need to consider the implementation of the General Data Protection Regulation (GDPR) somewhat as a big bang.
Maximum scope of application
In defining personal data, the legislator has been as broad as possible: “any information relating to an identified or identifiable natural person”. Unlike the 1995 Directive, explicit reference is made to names, location data, online identifiers and genetic elements, in addition to identification numbers (bank account, telephone number, licence plate, etc.) and physical, physiological, psychological, economic, cultural or social characteristics.
From a territorial point of view, the GDPR constitutes a single regulation applicable both to all organisations within the European Union (EU) and to companies which are not established in the EU, but which offer goods or services to persons located in the EU. This means that American technology giants Google, Amazon or Facebook are now required to comply with European legislation.
Your rights to your data
Thanks to GDPR establishes you have many rights to your personal data: such as:
- The organisation’s duty to provide informationt
When collecting data, every organisation has an obligation to inform you of the purposes of the processing and of their rights.
- Right of access
Every organisation is required to provide you upon request with all the data concerning you, and to inform you of the processing that has been carried out.
- Right to be forgotten
The right to be forgotten or right of erasure provides for the deletion of any personal data in a series of cases. For example, they must be deleted if you object to their processing, if they are no longer necessary for the purposes pursued or at the end of the legal retention periods/the periods set at the time of data collection.
- The right to data portability
You can request to receive all your personal data in a commonly-used, machine-readable format in order to transmit them to another data controller. This right will facilitate the transfer of personal data when changing banks, social networks, telephone operators, etc
Every organisation collecting personal data must be able to prove that it has taken all the technical and organisational measures required to ensure its protection. This includes the appointment of a Data Protection Officer (DPO) and the security of the information system.
Any data leak must be reported to the competent national authority, the Data Protection Authority in Belgium. In the event of non-compliance, the organisation can incur significant penalties, including fines of up to €20 million or 4% of turnover for large companies.
At Keytrade Bank …