My bank refuses my data access request — what now?
Access is a hard right (GDPR Art. 15). Banks are AP enforcement priority. Via DPO → Kifid → AP. On refusal damages Art. 82 claimable.
Banks have extra pressure via PSD2 + GDPR to share your data. Refusal is almost always unlawful. Common refusal reasons that DON'T hold: "too much work" (Art. 12(5) — first copy free), "trade secret" (only for specific algorithms, not your whole file), "we only share via bank app" (not GDPR-compliant; right to machine-readable format). What is "access at bank"? Not just transaction history (visible in app) — also: fraud markers, credit-scoring data, sub-processors, profiling for product offers, BKR linkage data, KYC documents. Three-step route: Step 1: written request to DPO (almost every bank has dpo@bank.nl). Our letter generator (€9.99). Step 2: after 30 days no response → Kifid (Financial Services Complaints Institute) complaint — financial aspect. Step 3: AP complaint for GDPR aspect (AP has banks high on enforcement agenda 2024-2025). Step 4: civil damages claim Art. 82 on demonstrable harm.
Step by step
Written access request to DPO
Our letter (€9.99) or bundle GDPR rights pack (€29).
Kifid complaint within 1 year
Kifid.nl. €50 registration fee, binding decision possible.
AP complaint in parallel
AP priority for banks. generator.
Ready to act?
We'll draft the right letter for you
Personalised PDF · Send-ready · One-off €9,99
- ⚡ PDF in your inbox in 60 seconds
- 📄 BTW-compliant invoice included
- ↩️ 30-day fix-it guarantee
Sources
🔎 Common search variants
Recognise your own search? Our answer above covers these too.
- “bank refuses access netherlands”
- “bank gdpr request”
- “kifid complaint”
- “bkr access”