AML and right to be forgotten | DPA Hessen

The decision of the Data Protection Commissioner of Hessen (Germany), published on the EDPB site shows that record keeping for AML/CFT-purposes is allowed under GDPR. The financial services provider, IQ Option Europe ltd (‘the Company’), has a legal basis for processing of personal data of complainant and has to remove/erase the personal data after the retention period has expired. The Company however had to correct its compliance with GDPR. It did not inform complainant of the legal grounds obliging the Company to maintain the personal data. Following the complaint the Company has taken additional measures:

  • Review of procedures to ensure that the data minimalisation principle is adequately applied.
  • Additional training sessions to the staff and instructions how to reply to future requests of clients of the Company.

It shows that financial services providers have to pay attention to data protection principles.

Over Ellen Timmer, advocaat ondernemingsrecht @Pellicaan

Verbonden aan Pellicaan Advocaten,, kantoor Rotterdam, telefoon 088-6272287, fax 088-6272280, e-mail ||| Weblogs: algemeen: || modernisering ondernemingsrecht: ||| Motto: goede bedoelingen rechtvaardigen geen slechte regels
Dit bericht werd geplaatst in English - posts in English on this blog, Europa, Financieel recht, onder meer Wft, Wtt, Fraude, witwasbestrijding, Wwft, ICT, privacy, e-commerce en getagged met , , , . Maak dit favoriet permalink.

Geef een reactie

Vul je gegevens in of klik op een icoon om in te loggen. logo

Je reageert onder je account. Log uit /  Bijwerken )


Je reageert onder je Twitter account. Log uit /  Bijwerken )

Facebook foto

Je reageert onder je Facebook account. Log uit /  Bijwerken )

Verbinden met %s