The European Data Protection Supervisor has released guidance to European financial services regulators to help them analyze data protection and privacy in the financial services arena. The guidance sets forth a 10-step methodology to “facilitate policymaking which respects the fundamental rights and freedoms in the [EU Charter of Fundamental Rights] and in particular the rights to privacy and to the protection of personal data.”
The 10 steps to assessing data protection aspects of proposed measures include identifying the personal information to be processed, defining the purpose for processing of personal information, evaluating and justifying an appropriate retention period for the information and providing appropriate guarantees of individuals’ data protection rights. In a statement that accompanied the release, Giovani Buttarelli, who was subsequently confirmed as the new European Data Protection Supervisor, said: “The value of personal information has increased in line with the growth of the digital economy and it is important that it is protected across all industry sectors. This is the first of several planned guidelines from the EDPS which will address the specific needs of different sectors.”