The European law that went into effect in 2018 applies to “all companies processing and holding personal data of data subjects residing in the European Union, regardless of the company’s location” (*).

Does this mean that a transaction made by a person from the EU on an ATM somewhere in Buffalo must be stored in accordance with GDPR requirements?

It seems yes, they must!

In “American Banker” (*) we read:

“Basically any institution around the world that has an EU citizen, a European subject, is subject [to the law],”

In the same article we read:

“A European data subject can make requests on what data the bank has on it, and can make changes and request deletion of the data,” said Roth, who is a former chief privacy officer at American Express. “These require business practices that banks don’t have in the U.S.” (*)

We will add here: not only in the U.S., but also in Mexico, Ecuador or Nigeria. Anywhere in the world!

The risk of GDPR exposure is not “theoretical”; it is measured in plain, easily calculable figures:

“When found in violation of GDPR, a firm can be fined 2% or 4% of revenue.”(*)

“Unlike some U.S. regulations, GDPR is not a law that banks can just say they substantially comply with, […], because compliance for GDPR needs to be demonstrated through documentation.”(*)

Let us take a closer look at the ATM and find out what information can be found there that can be considered a violation of GDPR law.

As we know, every ATM stores an electronic journal (EJ) inside the machine. As a rule, the EJ contains the following information:

  • customer’s transactions;
  • customer’s name and surname;
  • cash withdrawal amount;
  • last 4 digits of the card.

GDPR considers this information confidential!

The ATM also stores COM logs in a communication log file. This file also contains all the information about transaction requests, amounts, replies, etc.

The video security system stores images of the customer who made the transaction. Besides the snapshot itself, it can contain a time stamp, the transaction number and sometimes additional information that makes the job of the bank’s security department easier.

All this information is considered confidential and, under GDPR (General Data Protection Regulation) rules, should be encrypted.

Most of us reading this article have reason to worry, especially if you are an ATM owner or the manager of a community bank.

We have solutions to prevent GDPR non-compliance.

Just contact SPL at [email protected] and ask for an offer of “Checker ATM Security”.

The Checker ATM Security solution will not only protect ATMs and encrypt the file system (FS); with additional encryption technology it can also cover GDPR (General Data Protection Regulation) requirements.

“Checker ATM Security” is a proven, affordable solution that can be installed on any ATM (using our proprietary, automated installation procedure) within just a few hours. It will not empty your budget, and it will solve a lot of other ATM-related problems along with GDPR compliance!
