The Office of Information and Data Protection Commissioner in co-operation with the Albanian Association of Banks organized an event entitled “Rules with regard to the protection of personal data in banking system”, targeting representatives of the Bank of Albania, all second level banks and non-banking financial companies.

In his note, Mr. Besnik Dervishi highlighted the adherence to legal provisions by the operators of this sector in terms of ensuring the highest standards and safeguards for data subjects. “With reference to the weight of personal data processing operations, collection and nature, the banking sector is among the lead sectors. Over the last two years, the Commissioner’s Office has exercised nearly 300 administrative investigations both with banking “controllers” and related financial institutions. Upon examining the non-observances identified, in addition to the relevant decisions, we have rendered sector unifying recommendations to the attention of pertinent data controllers and regulatory authority. Such was the case for the banking sector; hence this meeting should be regarded as a step forward in our joint undertaking towards compliance with data protection legislation”. – held the Commissioner.

The meeting was addressed by Mr. Spiro Brumbulli, Secretary General of AAB, who at first acclaimed the co-operation with the Office of the Commissioner and further highlighted the importance of these events in addressing issues in the context of national legislation and in light of the EU General Data Protection Regulation.

In her presentation, Ms. Pjerina Gaxha, Director of Data Protection Department introduced attendees with the key principles of the Law No. 9887/2008 “On the protection of personal data”, the secondary legislation, and referred practical cases from the activity of the authority in this field. Lastly, the event featured a prominent expert, Mr. Italo de Feo from the Italian law firm “Partner CMS”, who presented the introductions of the GDPR as compared to the former Directive 95/46/EC, and particularly those with relevance to the strengthening of citizens’ control over their data, notably the right to data portability and the right to be forgotten; the data protection impact assessments and controllers’ accountability with respect to data collection/processing; strengthening of technical-organizational measures in guaranteeing security; the role and functions of the Data Protection Officer (DPO), etc.