Banks are asking more and more questions about the origin of savings after multiple scandals such as Deutsche bank paying bribes to retain Saudi customers were identified.
Governments are battling to curb money laundering, causing banks to signal any suspicion of money laundering.
The question is whether banks, with their endless inquiries, respect the privacy of their customers since the GDPR aims to protect the personal data of citizens in the European Economic Area.
The AML and GDPR
The anti-money laundering legislation aims to prevent money laundering, terrorist financing and in financing the proliferation of weapons of destruction when using financial institutions. The AML also mentions the repeal of Directive 95/46/EC which is now the General Data Protection Regulation or AVG regulation.
Basis for processing personal data in banks
Against the GBA’s negative advice to develop a central reporting point, the De Croo government decided that banks must annually transmit the account numbers and account holders of all customers. The balances of personal accounts at the end of the year must also be passed on that can be consulted by the tax authorities, notaries and bailiffs.
With this, the basis for processing personal data is not only limited to the “public interest,” but also has a “legal obligation.”
Consequently, when banks process personal data, the principle of proportionality is swept aside but processed in legality under banking secrecy.
For more information on the legality of processing, one can always consult a recognized DPO.