# GDPR and impact on customer records



## gnf_ireland (23 Mar 2018)

I have been looking through some of the threads in relation to SAR (subject access requests) to banks by individuals and a common theme is missing data/records in relation the customers files and communications - in particular call records.

In light of GDPR in May 2018, will the banks use this as an excuse to delete what they deem to be non-essential data, further reducing access to this very important information?

I wonder should the Oireachtas committee/Central Bank would not ask the banks to release their historic call recordings to a trusted (secure) party while this investigation is on-going, and for this 3rd party to deploy a "speech to text" analytics solution which would convert all the call recordings to text and allow data analytics determine if keywords have been used during calls - for example the word 'TRACKER'? Given this type of software is relatively commonly available, I do not understand how it has not been used to date to validate what the banks are saying around impacted customers. 

The only challenge I see here is the format/encoding of the audio files, but cannot imagine they would be that difficult to handle - unless of course the call recordings have been deleted, in which case there is probably not that much that can be done.

It will be very interesting to see if GDPR helps or hinders the tracker redress process.... Only time will tell I am guessing


----------



## Brendan Burgess (23 Mar 2018)

As an interviewer might say, could you explain to our listeners what GDPR , as some of them might not know.  

Brendan


----------



## gnf_ireland (23 Mar 2018)

Brendan Burgess said:


> As an interviewer might say, could you explain to our listeners what GDPR , as some of them might not know.


Fair enough  although I did get some documentation in the door this morning from KBC on "The GDPR and you"

In short, it is General Data Protection Regulation which is an EU regulation which strengthens the data protection rights for customers. Companies face heavy fines where the regulations are broken. It is generally meant to give customers greater access to the data companies hold on them and more control over how that data is used. It comes into effect on 25th May 2018

Companies in general are under major pressure to ensure these regulations are adhered to. One way of minimising the risk is to delete the data they have on customers, especially old data, to make sure they are more compliant than they would otherwise be. Any company who done a major IT system swap-out in recent years is likely to considering removing the historical data at this stage. This probably applies to most of the banks in some shape or form.. 

For anyone struggling to sleep at night, the following site should help !
https://www.eugdpr.org/


----------



## SaySomething (23 Mar 2018)

Or even http://gdprandyou.ie/


----------

