We acknowledge that the answers submitted within this survey reflect only personal views of the respondents and may not necessarily coincide with the formal views of the concerned organisations.
Purpose & Confidentiality:
Any data collected within this survey will be used solely for the purpose of the benchmarking study. Individual answers will be aggregated and shared with other respondents only in an anonymised-, statistically-processed form. After closing of the study, the individual respondents will receive results explicitly highlighting their own position against the sampled group.
Data Storage & Deletion:
Answers submitted within this form will be sent directly to abaQon Mail server and will not be shared with any third parties. Any personalized data collected within this survey will be deleted after completion of the statistical processing.
Personal Information
Name *
About your organization
Type of your institution
Core Banking System
General Information
How would you rate the general attitude of your institution towards GDPR and the Swiss Data Protection Act?
Which statement best describes Data Protection-related initiatives at your organisation?
In case of completed, ongoing or planned Data Protection-related initiatives, which were the focus areas?
How would you rate the intensity of client requests related to GDPR and/or Swiss Data Protection (How does the bank protect my data? What data do you store in relation to me? Please delete my data.)?
Risk Appetite
What is the risk appetite of your organisation in relation to GDPR and/or Swiss-Data Protection Act?
Data Subject Rights
All personal data held by our organisation is handed out to customers when requested.
Our organisation can handle data subject requests in an ordered, structured and timely manner.
To handle Subject Access Requests there is a cost-efficient and automated process.
Breach Notification processes that comply with the GDPR are in place.
System Readiness: Control over Data Retention and Data Flows
We have a clear picture of what personal data is stored in which systems.
We have a clear picture of the data flows within, across and out- of our company.
User Access to systems containing personal and sensitive data is specifically and continuously controlled.
Historical data is deleted regularly so we do not hold data of closed customers for longer than required for regulatory reasons.
Our organisation has implemented a pan-application data deletion concept e.g. with cascading of deletion request files.
Purposeful processing, Marketing Preferences and Privacy Culture
For all personal and sensitive data that we store and process there is a legal basis and a clear purpose documented.
Our organisation is profiling customers only when consent has been collected.
Marketing campaigns respect customer opt-in/out preferences.
Ongoing and future projects are guaranteed to implement data protection by design and by default.