Authors: Athanasios Karagiannis, Vangelis Manouvelos
Title: Assessing the implementation of the General Data Protection Regulation (GDPR) in the Greek Banking Sector
Abstract
The protection of personal data is a complex and dynamic area. Consequently, integrating it into the modern information society, with its rapid technological developments, is both imperative and complex. The 1995 Directive of the European Parliament and the Council (95/46/EC) has been a milestone for the protection of personal data.
However, technological advancements and developments in the security of transactions led to the new Regulation 2016/679 of the European Parliament and the Council (27 April 2016) on the protection of individuals with regard to the processing of personal data and the free circulation of such data. After GDPR, Law 4624/2019 followed. The current thesis will analyze both legal documents.
Our research focuses on the day-to-day interactions of customers with financial institutions, where the collection and processing of personal data take place. The issue of protecting clients' confidential personal information from banks will be highlighted, with our research interest lying in the relevant theory and legislation as well as in practical issues arising from day-to-day banking procedures.
To this end, a categorization of the personal data collected by financial institutions will be attempted. Then, the legal aspects and limits of their processing will be discussed, along with the purposes of their collection. In particular, we will focus on the protection of the personal data of financial institutions' clients in cases where bank secrecy does not apply, as well as on sales or assignments of loans to third parties pursuant to Law 4354/2015. In addition, personal data protection will be examined with regard to the use of the Credit Bureau system TIRESSIAS, as well as issues raised when providing investment and payment services.

