As detailed in a very interesting article by JD Supra. About a three minute read.
Comment: while there are interesting exemptions from GDPR regarding facial recognition for financial institutions, what caught my attention was mention of “private database of unnamed people of interest”. Well, if you’re not in the property business you probably don’t realise these exist (we share information about rogue tenants or agents) so not a surprise to see them in banking. Interesting, but no surprise.