Discover
For Enterprise
Contact
Discover
For Enterprise
Contact

Book a demo

Ready to get started?

Types of Fintech Data and Data Privacy

Types of Fintech Data and Data Privacy

Marta Dunphy-Moriel

15 years: Financial technology law

The media often talks about privacy in the Fintech world. In this video in the series on Fintech Data, Marta answers key privacy questions, including what anonymised data is, what pseudonymised data is and what the advantages of using pseudonymised data are.

GDPR
Competent

The media often talks about privacy in the Fintech world. In this video in the series on Fintech Data, Marta answers key privacy questions, including what anonymised data is, what pseudonymised data is and what the advantages of using pseudonymised data are.

Speak to an expert

Speak to an expert today to access this and all of the content on our platform.

Types of Fintech Data and Data Privacy

7 mins 54 secs

Key learning objectives:

  • Identify and define all key types of data

  • Identify and define all key types of data privacy

Overview:

In this video, key jargon such as privacy, data protection, controller, anonymised and pseudonymised data are covered. Similarly key questions surrounding data privacy are answered.

Speak to an expert

Speak to an expert today to access this and all of the content on our platform.

Summary

What is privacy?

  • Privacy enables us to create barriers and manage boundaries to protect ourselves from unwarranted interference
  • Privacy helps us establish boundaries to limit who has access to our bodies, places and possessions, as well as our communications and our information

What is data protection?

Data protection seeks to protect people’s data by providing us with rights over our data, imposing rules on the way in which companies and governments use that data and establishing regulatory oversight to enforce the laws.

What is GDPR?

The General Data Protection Regulation (GDPR) is the key legislation governing privacy in the European Union and the European Economic Area (EEA).

What is a controller?

A controller is a physical or legal person that determines the purposes for which and the means by which personal data is processed.

When do you become a controller?

You automatically become a data controller if you decide to do one of the following five things:
  1. Collect/process personal data
  2. Decide what the purpose/outcome of the processing should be
  3. Decide what personal data should be collected
  4. Decide who to collect personal data about
  5. Have a direct relationship with data subjects

What is a processor?

A processor processes personal data on behalf of the controller. That is to say, it only does what it is told to do by the controller.

What is anonymised data?

Anonymised data is data that does not relate or identify a person. The GDPR does not apply to personal data that has been anonymised.

What is pseudonymised data, and what are its advantages?

Pseudonymisation may involve replacing the names or other identifiers which are easily attributed to individuals with, for example, a reference number.

Advantages:
  • It can potentially be out of scope of certain data subject access rights
  • It demonstrates a data protection by design approach, and that you are implementing appropriate security measures expected of a data controller
  • It reduces the risk to individuals in the event of a data breach - reducing the risk of notification

What is the difference between a controller to controller transfer and joint controllership?

  • Controllers are the main decision makers - they exercise overall control over the purposes and means of the processing of personal data
  • If two or more controllers jointly determine the purposes and means of the processes of the same personal data, they are joint controllers. However, they are not joint controllers if they are processing the same data for different purposes

What is the advantage of a controller to controller transfer?

  • Multiple data controllers can transfer personal data between themselves either as  joint controllers or independent controllers
  • The principle of purpose limitation dictates that personal data shall be “collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes”
  • Agreeing contractually-binding restrictions in a data-sharing agreement will help both parties comply with their obligations under GDPR
  • Choose a data transfer mechanism: use binding corporate rules or the model controller-controller clauses to help define the purpose

What is data portability, and when does it apply?

The right to data portability gives individuals the right, in certain circumstances, to receive personal data they have provided to a controller, and to request that a controller transmits this data directly to another controller.

The right to data applies when:

  1. When the lawful basis for processing this information is consent or the performance of a contract
  2. When processing is being carried out by automated means

What are the rules surrounding data portability?

  • Requests may be made verbally or in writing. They may be made to any part of the organisation and do not have to be to a specific person or contact point
  • In most cases, you cannot charge a fee to comply with a request for data portability
  • You must comply with a request for data portability without undue delay, and at the latest, within one month of receipt of the request

Speak to an expert

Speak to an expert today to access this and all of the content on our platform.

Marta Dunphy-Moriel

Marta Dunphy-Moriel

Marta is a British/Spanish bilingual lawyer and legal translator. She is a full-time privacy and data protection expert and a partner at Kemp Little. Marta has experience working with pan-European and global businesses to achieve compliance as well as working on privacy aspects of commercial contracts and procurement.

There are no available Videos from "Marta Dunphy-Moriel"