
Expert Advice Community

EU GDPR for the banking sector

Guest user, created: Jan 10, 2018; last commented: Jan 10, 2018

I would like to know the specific data protection requirements that have to be defined during a bank development project in terms of the software development cycle and which meets the DSGVO requirements. Can you please help with a template?

Expert
Andrei Hanganu Jan 10, 2018

Answer:

There are no specific DSGVO (EU GDPR) requirements for the banking sector alone; the GDPR is meant to be applicable across industries as long as personal data is being processed. The same is applicable for software development.

Generally when you are developing a software banking solution this solution would have to be compliant with the “privacy by design” and “privacy by default” principles as provided by article 25 of the EU GDPR (https://advisera.com/eugdpracademy/gdpr/data-protection-by-design-and-by-default/).

In terms of security measures, article 32 of the EU GDPR provides some security measures you should be considering (https://advisera.com/eugdpracademy/gdpr/security-of-processing/), but these are high-level measures, so companies are free to take whatever security measures they see fit. You can always use ISO 27001 as a good starting point for your security requirements. For more insight on ISO 27001 and EU GDPR you can check our article “How does 27001 implementation satisfy EU GDPR requirements” at: https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/

Another thing you should consider, if your software is front-facing to the data subjects, is the notices you would have to present to the data subjects. Guidance on the notices can be found in folder 2 “Personal data policy framework” in our EU GDPR toolkit: https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/

Don't forget also local banking-sector-specific requirements that might be applicable to banking software, especially in terms of security.
