Data protection issues are a matter for the Data Protection Commission rather than the Central Bank of Ireland, and as such are in the remit of my colleague, the Minister for Justice and Equality. However, Section 4.13(e) of the Consumer Protection Code 2012 provides that, in its terms of business, a regulated entity must provide a summary of the regulated entity’s policy in relation to how it will use a consumer’s personal data.
The Central Bank Consumer Protection Code 2012 is available at the following link:
https://www.centralbank.ie/docs/default-source/regulation/industry-market-sectors/brokers-retail-intermediaries/supervision-process/consumer-protection-code-2012.pdf?sfvrsn=4.