Financial services firms—legal obligation and legitimate interest under the GDPR—one minute guide

The following Financial Services practice note provides comprehensive and up-to-date legal information covering:

  • Financial services firms—legal obligation and legitimate interest under the GDPR—one minute guide
  • Lawful grounds for data processing under the GDPR—summary for financial services firms
  • Definitions
  • Six data protection principles
  • Six lawful grounds of data processing
  • Legal obligation vs legitimate interest in the context of financial services regulation
  • When is processing ‘necessary’ for compliance?
  • Regulations which specify actions which cannot be done without processing personal data
  • High-level rules which require firms to exercise judgment in deciding how to comply
  • Voluntary schemes run by regulators and other official bodies

Brexit: As of exit day (31 January 2020) the UK is no longer an EU Member State. However, in accordance with the Withdrawal Agreement, the UK has entered an implementation period, during which it continues to be subject to EU law. This has an impact on this Practice Note. For further guidance on the impact of Brexit on the GDPR and data protection, see Practice Note: Brexit—implications for data protection.

This Practice Note provides an introduction to reliance by financial services firms on legal obligation or legitimate interest as a lawful ground for processing personal data under the General Data Protection Regulation, Regulation (EU) 2016/679 (GDPR), which took effect on 25 May 2018.

For general information on the GDPR, see Practice Notes:

  1. GDPR for financial services firms—one minute guide

  2. The General Data Protection Regulation (GDPR)

  3. The Data Protection Act 2018, and

  4. EU data protection reform—timeline [Archived]

The Information Commissioner’s Office (ICO) has published a guide to the GDPR which is available here.

Lawful grounds for data processing under the GDPR—summary for financial services firms

Definitions

Personal data: any information relating to an identified or identifiable natural person (data subject)—an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical,
