Privacy of customer data in banking

See how banking institutions protect your data
Until very recently, Organic Law 15/1999 on Data Protection governed the processing of consumer data in Spain. However, the European Union's adoption in 2016 of the General Data Protection Regulation (EU 2016/279) made it imperative to adapt this law to the innovations of the digital age. As a result, in Spain, the Organic Data Protection Law was approved in November 2017, the main objective of which was to adapt the old data protection law to the guidelines set out in EU Regulation 2016/279. In this article, we explain what the implications of the new GDPR are for consumers and how the regulation applies to the banking sector and to the privacy of consumer data.

What is the GDPR and what are its implications?

Like any other company, banks and financial institutions are required to comply with the GDPR. The banking sector has traditionally taken the protection of its customers' data very seriously, given its sensitive nature. However, there are now new changes that banks have to adapt to. Some of the new features that the introduction of the GDPR has brought about in financial institutions are as follows:

Creation of the role of the Data Protection Officer: one of the most significant changes that the GDPR has brought about in banks is the creation and appointment of the Data Protection Officer. The DPO's main purpose is to ensure the security of the data of the customers of the financial institution that it oversees, working independently and directly with the Spanish Data Protection Association (AEPD).

Consent: this is another aspect that has changed in terms of data protection. Before, silence, inactivity and omission constituted valid consent; however, customers must now give their free and unequivocal consent by opting in and letting financial institutions collect and process their personal data. A practical example of this is the use of boxes that the user has to check beforehand.

Accountability principle: the principle of active responsibility, known as accountability, is another new feature introduced by the GDPR. It means that financial institutions are now not only responsible for complying with the data protection regulation, but must also implement internal processes to prove and ensure that they are in compliance with it.

Rights of a bank's customers: the GDPR also granted new rights to customers of financial institutions. One of these is the right to delete data, which allows the data provided to the bank to be deleted if it is not being used for the purposes for which it was collected, or simply if the customer withdraws their consent. Another important right introduced by the GDPR is the right to portability. This right makes it possible for the customers of a bank to obtain all the personal data that the financial institution has collected on them and to transfer it to a third party if they wish.

Right not to be subject to automated individual decisions: this last right is probably the one that has had the greatest impact on the banking sector. Financial institutions often profile their customers based on the data they hold on them and use it to make decisions, such as approving a loan. As a result of the approval of the GDPR, no organization can now make automated decisions (without the intervention of a person) about any of its customers that have legal consequences for them.


In short, the GDPR has had a tremendous impact on how European consumers' personal information is processed and used, by increasing the security and privacy of the data collected by all types of organizations. At BBVA, we always like to process our customers' data with the utmost care and sensitivity, which is why we anticipated the enactment of the GDPR and implemented roles such as the DPO months before the deadline for adapting to European regulations ended.
In addition, all our products and services guarantee the strictest privacy for our customers' data. A good example is One View, the financial aggregator for companies that lets you import information from all your accounts in over 80 banks so that you can easily analyze your business's financial situation and make better financial decisions. The process of connecting accounts and cards from other banks is fast and simple, as well as very secure.