Banks are increasingly asking questions about the origin of savings after multiple scandals such as Deutsche bank paying bribes to retain Saudi customers were identified.
Governments are fighting to curb money laundering so banks signal any suspicion of money laundering.
The question is whether the banks, with their endless questions, respect the privacy of their customers since the GDPR aims to protect the personal data of citizens in the European Economic Area.
The AML and GDPR
Anti-money laundering legislation aims to prevent money laundering, terrorist financing and in financing the proliferation of weapons of destruction when financial institutions are used. The AML also mentions the repeal of Directive 95/46/EC which is now the General Data Protection Regulation or AVG regulation.
Basis for processing personal data at banks
Against the GBA’s negative advice to develop a central hotline, the De Croo government decided that banks must report the account numbers and account holders of all customers annually. The balances of personal accounts at the end of the year must also be transmitted that can be consulted by tax authorities, notaries and bailiffs.
This limits the basis for processing personal data not only to the “public interest,” but also has a “legal obligation.”
Consequently, when banks process personal data, the principle of proportionality is swept aside but processed in legality under banking secrecy.
For more information on the lawfulness of processing, one can always consult an accredited DPO.