Banks and insurance companies are not processors for their customers

[Missing text '/header/main' for 'English'] [Missing text '/header/navigation' for 'English']

Banks and insurance companies are not processors for their customers

Finance Norway dissuades both its member companies and their business customers to enter into data processing agreements in general customer relations. As the agreements do not comply with the General Data Protection Regulation (GDPR), they might entail confusion in relation to liability and potentially impose greater responsibility on the parties than is required by the regulations.

Since the regulation is expected to enter into force in Norway within a short period of time, Norwegian banks and insurance companies receive several inquiries from business customers who wonder if they must enter into a data processing agreement with their bank or insurance company. The inquiries are understandable as the banks and insurance companies often process information about the business customers’ employees, owners and elected representatives.

Business customers usually do not need to enter into data processing agreements with their bank or insurance company. Banks and insurance companies are responsible for the processing of information concerning the business customers’ employees, owners and elected representatives regarding the customer relations.

Read Finance Norways circular to member companies (Norwegian, for members only)