The GDPR doesn’t mandate how data requests should be made, but it does say that organizations handling personal data should be prepared to handle the requests. One would be right to wonder whether companies are as prepared as they should be.
Perhaps unsurprisingly, large retail banks such as Barclays, Halifax, Lloyds and NatWest all have dedicated websites that make such requests easier for both the user and the bank. HSBC, however, is an exception: despite being the bank with the largest market capitalisation, the user is to send a letter to a PO Box with their request.
It's a jarring exception to the banks listed in an online
For those who care about their privacy the tool is obviously good news, as it helps them exercise the various rights granted to them under the recently implemented GDPR, such as the right to access, change or delete data that companies hold over them.
Asked for a comment, an HSBC spokesperson said the company takes the protection of the data they are entrusted with very seriously and added: "We are committed to meeting our obligations under GDPR with regard to customers accessing their data. We offer customers a variety of ways to contact us including via branch, contact centres, digital channels or by contacting our Data Protection Officer to access their information.”
Indeed, the bank does have a