Financial institutions process large amounts of personal data, and for many different purposes. The prevention of money laundering and terrorist financing requires the processing of personal data, and with this in mind financial institutions collect data on projected turnover in accounts, relatives related to politics, etc, which is based on the principle of “know your customer”. In this article the authors assess the processing of personal data for identification purposes from the standpoint of the data minimisation principle, which is required under the provisions of the General Data Protection Regulation of the European Union. The latter examines whether the processing of personal data for these purposes can be considered proportionate activity, that is to say carried out for defined purposes and only to the extent necessary. A discussion of the related legal regulation is presented which also examines the objectives of such regulation. The article also examines the criteria for the lawful processing of personal data and their application in the processing of personal data for the above mentioned purposes.