The European Data Protection Supervisor published ‘Guidelines on data protection in EU financial services regulation’ (Guidelines) to be used as a “practical toolkit for ensuring that EU data protection rules are integrated when developing EU financial policies and rules.”

The Guidelines address the processing of personal information involved in supervising financial markets, particularly through the use of surveillance, record keeping, and reporting, and information exchange. Such measures have the potential to infringe on individuals’ rights to privacy and data protection.

The Guidelines include 10 steps and recommendations to assist EU policy makers responsible for financial regulation. Some of the key recommendations include:

  • Assess whether information processing interferes with the right to privacy
  • Establish a legal basis for the data processing
  • Evaluate and justify an appropriate retention period for the information
  • Establish a correct legal basis for any transfer of personal information outside the EU
  • Provide appropriate guarantees of individuals’ data protection rights
  • Consider appropriate data security measures
  • Provide specific procedures for supervision of data processing

In light of the 2008 financial crisis, the Guidelines provide a useful method of rebuilding trust in markets for financial services by ensuring that personal data is properly protected.