Data protection compliance in the Maltese banking sector

Abstract

The banking industry provides for various banking services most of which entail the processing of data of the data subjects being the bank clients. Clients have the right to have their data secured and protected. Failure to protect clients’ data will result in high fines being imposed with the possibility of such breaches becoming a public matter and leading to many undesirable consequences including banks’ reputational damage, and loss of clients and clients’ trust. This dissertation aims to identify whether the process of opening and closing of bank accounts are GDPR compliant and whether there are any banking practices which can be adopted by banks to better protect clients’ data. This study limits its scope by examining specifically one banking service, that of opening and closing of bank accounts, and in this context, considers three Maltese local banks so as to furnish more accurate findings. MeDirect Malta plc, HSBC Malta plc, and BNF Malta plc, where the three banks whose process of opening and closing of bank accounts were considered. These banks hold a different role in the Maltese banking industry providing a snapshot of the level of GDPR compliance across the Maltese banking industry and promotes GDPR awareness within the Maltese banking industry. The appropriate methodology for this study is doctrinal legal analysis requiring identification and analysis of relevant documentation such as privacy policies. The research findings evidenced that whilst banks could be said to be GDPR compliant, this dissertation proposes ulterior banking practices which banks should implement to better protect clients’ data. It is concluded that GDPR compliance invariably necessitates the protection of clients’ privacy rights and banks should ensure that their systems cater for data protection-by-design and by-default.