Since the EU introduced GDPR policy I decided to request my personal data from my bank. Out of curiosity, I wanted to investigate a little what type of information is stored about me.
I requested the data using AIB’s online banking account. The process was quite straightforward. After 2 weeks or so I received a letter that my data is available to collect in person form my local AIB branch. When collecting the data I was asked to provide a proof ID. It’s reassuring to know that AIB has a procedure for such
Now, the most important bit. What is that mysterious private data? I received an envelope with handwritten details. The mysterious file was saved on a CD. I couldn’t remember when I’ve used a CD the last time.
The CD was encrypted using McAfee
The spreadsheet included only 3 tabs:
- Customer
- Account
- Transaction
Customer
- Full Name
- Sex
- DOB
- Address Line 1
- Address Line 2
- Address Line 3
- Address Line 4
- Address Line 5
- Post Code
- Resident Country
- Marketing Permission
- Mail Marketing Permission – Phone
- Marketing Permission – Email
- Contact Person
- Contact Person
- Phone number
- Home Phone
- Business Phone Number
- Phone Number
- Preferred Method of Contact
- Home Email
- Work Email
- Marital Status
- Employer Name
- Employment Start Date
- Employment Type Occupation
- University College Name
- Faculty
- Course
- Title
- Course Start Date
- Finish Date Course Type
Account
- Account Number
- Sort Code
- Mailing Label Line 1
- Mailing Label Line 2
- Mailing Label Line 3
- Mailing Label Line 4
- Mailing Label Line 5
- Mailing Label Post Code
Transaction
- Account Number
- NSC Transaction Date
- Fees
- Dispensed Currency
- Dispensed Amount
- Posted Currency Posted Amount
- Posted Date Transaction Narrative
The spreadsheet document was bearly 60 KBs. Generally, I was a little bit disappointed with the data. It clearly doesn’t include all the information associated with my account. It doesn’t include my data such as messages, statements, standing order info, or details about my savings account. MIC bank clearly tried to just tick the box that they’re GDPR complient. Nevertheless, the