The adopted General Data Protection package is an important piece of the puzzle for creating a clear legal framework for data in Europe.
The adoption means locally focused savings and retail banks will be able to continuously carry out their sound and responsible lending practices. Credit scores, which are key for such a practice, will remain a part of the lender assessment toolbox. Clarification will still be needed, however, in the compliance area. Responsible sectorial guidance from the European Data Protection Board (EDPC) that can be adapted to every day banking practices will be essential in this regard.
As the data subject is at the centre of this initiative, not all issues around business opportunities and technical aspects of data are addressed. Areas where further clarification through legislation is needed are data portability, usability of data and access to data as well as data ownership. Beyond that, clear legal rules regarding the location of data within Europe are essential to foster consumer trust in the use of the cloud.
>> See overall ESBG position on data protection