data retention by bank/insurance company

slipperyox

As a bank/insurance company is a regulated entity, and must retain individuals data for 6 years, as per central bank.

Does the "right of erasure" under data protection shadow this?

Jim2007

slipperyox wrote: »

As a bank/insurance company is a regulated entity, and must retain individuals data for 6 years, as per central bank.

Does the "right of erasure" under data protection shadow this?

I'm not exactly sure what you are trying to get at here...

There is a general obligation on all businesses to collect only data which is needed for the operation of their business and to only retain that data as long as it is needed for the operation of their business. Again generally speaking, you have a right to know what that data is and to have it corrected if it is materially in error. There is no right to have such data deleted so long as it is required for the operation of the business.

The 'right to be forgotten' does not include the right to avoid the normal laws of the state. So for instance, while a bank needs to given you account transaction details, they do not have to give you a bank statement in the normal format that they charge for and so on.

slipperyox

Many thanks.

I had asked an insurance company to delete my data, under data protection.

They said they can't, and must keep it for 6 years as a "regulated entity",

However, under the right of erasure, there are grounds for keeping data,

Exercising the right of freedom of expression and information.
Compliance with a legal obligation, the performance of a task carried out in the public interest or in the exercise of official authority.
Reasons of public interest in the area of public health (See Article 9(2)(h) & (i) and Article 9(3), GDPR).
Archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
Establishment, exercise or defence of legal claims.


Never noticed the second part, think I have answered my own question... Thx again