Personal data according to Doro
The PDGR Regulation redefines the concept of personal data. Article 4 1 GDPR says that personal data is “information about an identified or identifiable natural person.” We are talking primarily about the name and surname, identification number, location data, online identifier, some factors determining the identity of a given natural person (physical, physiological, genetic, mental, economic, cultural or social factors), as well as IP address, information from profiles on social media or an email address.
Loan companies and verification process
Currently, there are several dozen non-bank companies in Poland providing short-term loans. Each such institution offering cash loans, online financial liabilities or short-term installment loans, collects, secures, processes and transfers various personal data of its clients in this respect, which is directly related to the verification process of the identity of potential clients of a loan company. Currently, the number of customers of non-banking institutions can be estimated at several million people, and the vast majority of them decide to take a short-term loan electronically.
Obligations of financial entities
Until now, only the client’s general consent had to be confirmed in the loan agreement or in the electronic form when applying for a financial liability online. After the introduction of the provisions of the GDPR, the loan company is obliged to prepare additional, separate and dedicated for each activity consent to be marked by a potential customer. This consent is to inform the customer in an understandable and unequivocal manner, where and for what purpose his personal data will be used.
Some companies from the financial sector will be required to appoint a Data Protection Officer to supervise internal procedures carried out in the organization. This applies primarily to companies that regularly and on a large scale monitor their clients.
What rights does the GDPR provide to clients?
- “The right to be forgotten”, and thus the possibility of permanent deletion of personal data processed by a specific entity.
- The right to request the transfer of data, i.e. the option to transfer your personal data to another entity when changing the contract.
- A wide right to information, and therefore full knowledge of what data, for what purpose and by whom will be processed.
- The right to access information by the data subject.
- Extended right to object to data processing.