The European Savings and Retail Banking Group (ESBG) submitted its response to the consultation launched by the European Commission in January 2024 on the GDPR. The Commission seeks to evaluate the implementation of the rules six years after they were put into effect.


The primary EU legislation ensuring the fundamental right to data protection is the General Data Protection Regulation. It outlines the rights of individuals and imposes responsibilities on organizations and businesses handling the personal data of individuals within the EU.

ESBG response to the consultation

ESBG requests prioritized focus on GDPR compatibility with new technologies and refining the material scope. ESBG advocates for a pragmatic approach, aligning with the UK’s data protection reform. This means that “personal data” should be limited to those data that enable the identification of a natural person only at the time of the processing. Additionally, ESBG seeks guidelines for the effective anonymization of personal data, emphasizing clear definitions. Concerning the right of information, ESBG proposes that updated data protection information be available on the website of the data controller for subsequent amendments, rather than directly notifying data subjects. ESBG highlights the challenge of divergent jurisdictions among Member States’ data protection authorities, leading to legal uncertainties. ESBG notes issues such as granting data protection rights to legal persons in certain Member States and the impact of banking secrecy on personal data processing standards. Finally, ESBG calls for better assistance from national authorities in interpreting GDPR, urging legislative reinforcement for clearer guidance tailored to specific cases and practical business considerations.

ESBG’s response in PDF