GFMA Financial Data Handling Principles for Banks and Non-Banks

12 February 2019

GFMA has released its Financial Data Handling Principles for Banks and Non-Banks as a voluntary set of principles drawn from international best practices. The principles are based on both the U.S. NIST Cybersecurity Framework and the European Union’s General Data Protection Regulation (GDPR).  

The principles recommend that firms should:

  1. Limit the collection, processing and use of personal data to that which is necessary to accomplish a lawful purpose.
  2. Provide a reasonable means for data subjects to check and correct the accuracy of personal data held about them.
  3. Limit access to personal data to users on a need to know basis and monitor such access on a periodic basis.
  4. Protect against unauthorized or unlawful access to, or removal of, personal data using a risk-based approach with reasonable technical and procedural measures.
  5. Use a risk-based approach to employ appropriate safeguards, such as encryption, when transferring data.
  6. To the extent reasonably feasible, securely eradicate, dispose of, or destroy personal data without delay when there is no longer a valid business, legal or regulatory purpose to retain it.
  7. Only provide personal data to external entities with data protection policies and procedures consistent with these principles or where required by law.
  8. Implement a monitoring programme designed to identify and resolve data security issues, gaps or weaknesses; and remediate any issues found.
  9. After establishing that a loss or compromise of personal data has occurred, promptly notify regulators and individuals who have been substantially harmed.
  10. Work together with other financial institutions and regulators in exchanging views and intelligence with a view to continually improving data security.
