> This falls under Fair Use (not sure about the exact term) under GDPR, as is a sensible way for the bank to uphold their legal obligations.
The term you're likely looking for is "Legitimate Interest", but that's not quite the same. You're looking for the bigger picture.
Full disclosure: I was the DPO of a gambling company and had to interpret the cross-regulation conflicts quite routinely. One of the big things with GDPR is that it cannot overrule industry or domain-specific regulations. It will certainly influence how the data may be accessed, but as far as internal collection and storage goes, GDPR changes nothing material in finance.
Banks and trading shops are required to record and store all work-related communications. No exceptions, no excuses. The reasons are as you stated: to prove (or disprove) cases of insider trading, collusion, price fixing, front running, and all the other forms of fraud/abuse that would allow the financial outfits and/or their traders to break the rules and fleece their customers and/or counterparties. (They still manage, but at least it's not as blatant.)
The main impact of GDPR is that the financial industry has one additional reason to purge old records once the statute of limitations has expired.