MIFID II and GDPR Regulations

By | Tuesday April 4th, 2017

Following the mandate given by the European Commission, the European Securities and Markets Authority (ESMA) published its final technical advice on MiFID II on 19 December 2014, and on MAR on 3 February 2015.

On 10 February 2016, the European Commission confirmed one year delay to the MiFID II timetable. The new target for implementation day is thus 3 January 2018, postponed from previous effective date 3 January 2017.

ESMA Final Report of “Guidelines on transaction reporting, order record keeping and clock synchronisation under MiFID II” was published on 10 October 2016.

Previously on 7 July 2015, WP 29 published a document about ESMA MIFIR MIFID II “Possible delegated acts for the implementation of EU legislation on both markets in financial instruments (MIFID II) and on market abuse regulation (MAR)”in order to” focus the Commission’s attention upon the key data protection and privacy issues, identified as the main concerns regarding implementation measures proposed by ESMA”.

The suggestions focused in this document are still of great interest for all actors involved in MIFIR MIFID II Projects.

Specifically the Working Party 29 had drawn the Commission’s attention upon the following issues.

  1. Recording of telephone conversations

The Working Party points out that “any extension of the recording obligation needs to demonstrate how the proportionality, necessity, data retention limitation principles have been taken into account and how rights of data subjects are safeguarded by appropriate measures”.

  1. Protection of reporting persons under the market abuse regime

The Working Party recalls its “recommendations on whistleblowing in 2006 and suggest the Commission to take into account the lines and safeguards provided in this opinion when drafting its implementing measures”.

  1. Data retention period

The working party recommends to the Commission to complement the wording of its implementing acts with additional specific wording in order to set the maximum data retention period.

  1. Data subject rights

The Working Party recommends taking strongly into account the data subject rights, especially when data are transmitted.

  1. The need for consistent Data security provisions

The Working Party recommends that the Commission recalls “obligations of data controller to ensure confidentiality and security of personal data by appropriate measures”.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.