Data Protection Risks in Transitional Times: The Case of European Retail Banks

Research output: Chapter in Book/Report/Conference proceedingChapterResearchpeer-review

31 Downloads (Pure)


The banking sector has a highly developed procedural approach to risk. Faced with legal requirements to protect personal data from risks, it may seem natural to banks to ‘translate’ existing risk management procedures to these new types of risks. We present findings of an ethnographic study into practices of personal data protection in European retail banks, with a focus on their conceptualization of data protection risks. The study was mostly carried out over 2020, the first year of the Covid-19 pandemic. This offered the additional opportunity to study banks’ practices in managing data protection risks in transitional times, under conditions of accelerated digitalization. Based on our findings, we argue that banks do not fully anticipate and mitigate data protection risks that negatively affect data subjects’ interests. The reconciliation of the GDPR’s risk-based approach and banks’ procedural approach is likely to leave gaps in the latter’s management of data protection risks.
Original languageEnglish
Title of host publicationData Protection and Privacy
EditorsHideyuki Matsumi, Dara Hallinan, Diana Dimitrova, Eleni Kosta, Paul De Hert
PublisherBloomsbury Publishing
Number of pages26
ISBN (Electronic)1509965912
ISBN (Print)9781509965915
Publication statusPublished - 4 May 2023
EventComputer, Privacy & Data Protection: Data protection and Privacy in Transitional Times - Les Halles de Schaarbeek, Brussels , Belgium
Duration: 23 May 202225 May 2022
Conference number: 15


ConferenceComputer, Privacy & Data Protection
Abbreviated titleCPDP2022
Internet address


  • gdpr
  • banks
  • pandemic


Dive into the research topics of 'Data Protection Risks in Transitional Times: The Case of European Retail Banks'. Together they form a unique fingerprint.

Cite this