Kinstellar has helped the Czech Banking Credit Bureau with an audit of its personal data processing activities, which the bureau was carrying out as the data processor of the Client Information Bank Register.
The audit was primarily intended to ascertain whether the CBCB was fulfilling all of its obligations under the GDPR while processing personal data.
According to Kinstellar, “the CIBR provides information on banking clients who have or have had a loan agreement or an unsanctioned overdraft of a bank account with a bank in the Czech Republic, as well as information on loan applications.” According to the firm, “it evidences the creditworthiness or credit history of bank clients and its outputs play an important role in the decisions of banks to approve or deny a loan.” In addition, the firm reported, “in terms of personal data processing, the 24 participating banks act as joint controllers of personal data in connection with the bank register, while its operation is entrusted to the CBCB as the data processor.”
Kinstellar’s team included Counsel Zdenek Kucera and Junior Associate Stepanka Havlikova, among others.