Data Protection Risks in Transitional Times: The Case of European Retail Banks

Research output: Unpublished contribution to conferenceUnpublished paper


The banking sector has a highly developed procedural approach to risk. Faced with legal requirements to protect personal data from risks, it may seem natural to banks to ‘translate’ existing risk management procedures to these new types of risks. We present findings of an ethnographic study into practices of personal data protection in European retail banks, with a focus on their conceptualization of data protection risks. The study was mostly carried out over 2020, the first year of the Covid-19 pandemic. This offered the additional opportunity to study banks’ practices in managing data protection risks in transitional times, under conditions of accelerated digitalization. Based on our findings, we argue that banks do not fully anticipate and mitigate data protection risks that negatively affect data subjects’ interests. The reconciliation of the GDPR’s risk-based approach and banks’ procedural approach is likely to leave gaps in the latter’s management of data protection risks.
Original languageEnglish
Publication statusUnpublished - 25 May 2022


  • gdpr
  • banks
  • pandemic


Dive into the research topics of 'Data Protection Risks in Transitional Times: The Case of European Retail Banks'. Together they form a unique fingerprint.

Cite this