N26: Insufficient legal basis for data processing

The fine was imposed against against a bank (according to a newspaper N26) that had processed 'personal data of all former customers' without permission.The Bank has acknowledged that it had retained data relating to former customers in order to maintain a blacklist, a kind of warning file, so that it would not make a new account available to these persons. The bank initially justified this by stating that it was obliged under the German Banking Act to take security measures against customers suspected of money laundering. The Berlin supervisory authority judged this to be illegal. The authority argues that in order to prevent a new bank account from being opened, only those affected may be included in a comparison file who are actually suspected of money laundering or for whom there are other valid reasons for refusing a new bank account. The authority told a newspaper that the fine proceedings initiated against the bank had 'not yet been legally concluded'.

GDPR Articles: Art. 6 GDPR
Industry: Finance, Insurance and Consulting