skip to content

Financial data protection: How are customers protected?

When we talk about financial services customers in Spain it is important to highlight their rights, as well as the regulations and protection measures that make banks and the economy work properly. Do you have any knowledge on the subject? Read on and find out more with us!

What is financial data protection?

To understand what we mean by financial data protection, we first want to explain what is meant by bank data?

In short, banking data are considered personal data that serve to identify economic activities.

Among the most recognized banking data, those that obtain information on: income, income, investments, credits, loans, loans, guarantees, retirements, pension plans, mortgages, payroll, among others, stand out.

However, when referring to data protection, the rights of individuals who provide their information to financial organizations are involved. In this sense, it is understood as the application of the regulations in force that financial and banking institutions must abide by in each country.

Regulations governing data protection

In the case of Spain, there are two regulations governing data protection in the country: the European Data Protection Regulation (GDPR) and the Organic Law on Data Protection and Digital Rights Guarantees (LOPDGDD).

European Data Protection Regulation (GDPR)

This regulation applies throughout the European Union and came into force on May 24, 2016. The GDPR is a measure whose main objective is to strengthen the fundamental rights of individuals and regulate data protection, ensuring respect for citizens.

Organic Law on Data Protection and Guarantees of Digital Rights (LOPDGDD)

Regarding the LOPDGDD 3/2018, of December 05, it is the law that adapts the RGDP in Spain. Therefore, it is an obligation for any financial entity that processes personal data to comply with this standard that includes key elements such as: express consent, the register of processing activities, and the impact assessment or figure of the Data Protection Delegate.


You may be interested in: How is investment risk measured?


Banks and data protection

In order to meet the expectations and security of financial services customers in Spain, each financial or credit institution must take into account certain aspects such as:

Prepare the register of treatment activities

This will allow them to obtain detailed information about the customer’s data and to record the activities.

However, banks must include in the processing register contact details of the data controller, legitimacy, purpose, description of the categories of data and data subjects, information concerning international transfers, security measures and data retention periods.

Conduct a risk analysis

By performing this type of analysis, banks can learn about the threats to which financial services customers’ data may be exposed.

Among the most frequent threats are actions that harm the rights and freedoms of data subjects, or that expose data in the future.

Obtaining customer consent

In order to proceed with any procedure in the financial sector, it is necessary that the customer in question previously approves the requirements and regulations to be met, either through an online application, or in person at a branch when contracting a service or product.

Inclusion of legal texts in web pages

Digitalization has led banks to offer protection to financial services customers even through their websites.

In this way, the regulation establishes that it is essential to specify: legal notice in which the documentation of the owner of the website, terms and conditions of contract, and cookies policies are established.

Contracts with third parties

It is the obligation of the banking entities to make the customer or employee sign a processing assignment contract in which he/she authorizes to provide information about his/her data to third parties.

The most common example where this is the case is when hiring an occupational risk prevention service or cloud platforms that store the corresponding information.


You may be interested in: How to obtain a credit in Spain?


Paying attention to the rights of users

The main purpose of this aspect is to ensure that users are aware of the information they can provide to their banking institutions.

For this reason, it is the obligation of the same entities to provide the necessary consent documents and privacy policies, enforcing the rights of their customers at all times.

Report possible security breaches

Among the obligations to be fulfilled by banks, it is also worth mentioning the notification of possible security breaches that could pose a risk to the protection of their customers’ data.

In this regard, the law establishes that the notification must be made within a maximum period of 72 hours.

Establishing a Data Protection Officer (DPO)

The figure of a Data Protection Officer corresponds to a professional who has the skills to supervise the processes and internal policies in the processing of personal data in a banking institution.

This delegate may be hired externally, or may be designated to a member of the organization.

Don’t forget the impact assessment

When banking entities detect that their financial services customers may be affected in terms of their rights and freedoms, it is necessary to carry out an impact assessment.

In carrying out the assessments, the competent department may decide whether measures should be taken to address the associated risk, or whether the way in which the processing of personal data is carried out should be modified.


You may be interested in: Pros and Cons of Venture Capital Fund Financing


Rights of financial customers in Spain

When you start a relationship with a bank, as a financial customer in Spain, it is important that you know your rights. Below is a list of the most common ones:

  • Receive adequate and truthful information regarding the terms and conditions of the financial services they wish to contract.

  • Obtain a copy of the instruments to which it subscribes.

  • Possibility of freedom of choice and fair treatment

  • Priority attention in case the person has reduced mobility or motor impairment.

  • Receive binding offers with respect to: mortgage loans or consumer loans

  • To be aware of the associated costs and commissions at the time of contracting the service

  • To be informed about modifications to contracts, in the event of a change in the general regulations.


Making sure that customers of financial services in Spain know their rights and each regulation that applies when acquiring a product or service is essential to ensure their confidence and levels of protection. Remember that in TAS Consultancy we put at your disposal our accounting experts to answer your questions when it comes to finances!


Find here

The content you need

to set up your business in Spain.

¿What did you think of this content?

0 0 votes
Article Rating

Your email address will not be published .

Required fields are marked with *


Inline Feedbacks
View all comments