Case Study with tbi bank

About tbi bank

𝐭𝐛𝐢 bank is a mobile-first challenger bank in Southeast Europe and regional leader in alternative payment solutions, building an ecosystem by combining financing and shopping to address customers’ needs. It focuses on helping merchants to grow their business as well as providing consumers with financial products and services that make their lives easier.

The bank operates in Bulgaria, Romania, Greece, and Germany. Through various digital channels and trusted partnerships with over 38,000 merchant stores, 𝐭𝐛𝐢 has a customer base of 2,7 million clients and issued over 1 million loans in 2025. Its business model and customer-focused approach resulted in becoming one of the most profitable and efficient banks in the SEE region. In recent years, the bank has modernised its technology stack, enhanced customer journeys, and strengthened its compliance framework to support growth across multiple jurisdictions.

In 2026 it has been acquired by Advent International – one of the largest global private equity investors, with assets under management of over USD 100 billion and extensive experience in investing in the financial services sector.

“Forget Excel — it’s slow and messy. GDPR Register is fast, simple, and gives us exactly what we need without the clutter.”
— Maria Geninska, Legal Advisor, tbi bank

The Challenge

tbi bank’s GDPR team started project for selection of a software for keeping records of processing activities, led by Maria Geninska, as the bank was managing data protection documentation across multiple countries – Bulgaria, Romania, and Greece, using large Excel files.

Keeping Records of Processing Activities (RoPA) up to date was a complex and time-consuming task. Information was scattered across spreadsheets, responsible contacts were hard to track, and collaboration between offices relied on lengthy email exchanges.

Finding specific processing activities during audits was challenging and time-consuming, and maintaining version control across three jurisdictions became nearly impossible. The team knew they needed a structured, centralised tool that would simplify compliance without overcomplicating their workflow.

“I can find exactly what I need in seconds thanks to the search tool — no more chasing colleagues for information.”

The Solution

When evaluating new platforms, Maria and her team looked for a practical, user-friendly, and affordable solution – something that would replace spreadsheets without adding unnecessary complexity.

GDPR Register stood out for its clean interface, intuitive navigation, and responsive support team. Within weeks, tbi bank transitioned all their processing activities into the platform and connected each record with the responsible contacts.

With GDPR Register, tbi bank achieved:

• Seamless collaboration between offices in different countries, sharing activities and updates effortlessly.
• An up-to-date RoPA with all responsible contacts in one place — something that was impossible with spreadsheets.
• Instant search and clear activity descriptions, cutting response times during audits.
• Audit-ready legitimate interest assessment (LIA) alerts, providing visibility over high-risk activities.

The Impact

Switching to GDPR Register completely transformed how tbi bank manages its data protection operations. Tasks that once took hours are now completed in minutes, and the privacy team no longer relies on scattered spreadsheets or endless email threads.

The platform brought clarity and collaboration across all offices, allowing teams in different countries to work together effortlessly.

“Sharing activities across branches in different countries is seamless and saves us hours of coordination.”

During audits, LIA alerts proved invaluable by highlighting high-risk areas and ensuring full preparedness.

“The legitimate interest assessment alerts were a lifesaver during our audit.”

Beyond the tool itself, the experience of working with GDPR Register has been marked by trust and responsiveness.

“The GDPR Register team is reliable, responsive, and genuinely easy to work with — that makes all the difference. The Team reacts in a minute no matter how we contact them by email or by chat.”

Today, tbi bank operates with full visibility, clear accountability, and a streamlined compliance process across all its jurisdictions — proving that moving from chaotic Excels to GDPR Register isn’t just an upgrade, it’s a transformation.

• Involve more teams in documenting and updating Records of Processing Activities (ROPAs).
• Consolidate compliance efforts into a structured, accessible system.
• Spark greater awareness and internal conversations about data protection.
• Use advanced features like shared registers, breach records, and task assignments to streamline workflows.

Looking Ahead

With a unified GDPR framework now in place, tbi bank is turning its focus to continuous improvement and smarter automation. The team plans to further leverage GDPR Register’s upcoming features, including automated reporting and risk management – to enhance oversight and streamline compliance monitoring across all markets.

By embedding privacy management into everyday operations, tbi bank is building not only compliance efficiency but also long-term trust with customers, partners, and regulators.

Final Word

tbi bank’s journey from spreadsheets to structured privacy management demonstrates how the right technology and partnership can transform compliance into a competitive advantage. GDPR Register remains a trusted ally in helping the bank scale securely, confidently, and in full control of its data protection obligations.