By Harry Pain
For many in the financial services industry, the new year may start with an even bigger headache than usual: the 3rd of January 2018 sees the introduction of MiFID ii – the EU’s second ‘Markets in Financial Instruments Directive’. Designed to ensure greater transparency in financial markets that are fairer, safer and more efficient, MiFID ii has put huge strain on many organisations, requiring numerous and far-reaching changes to operational policies, processes and systems.
In fact, such has been the effort of preparing for MiFID ii that many financial services organisations could be forgiven for taking their eye off the GDPR ball. The General Data Protection Regulation comes into force in May 2018, giving EU citizens new rights to access and manage any personal data you may hold on them. The regulation naturally also imposes new restrictions on how and when companies can use personal data.
If your organisation has been too tied up in MiFID ii to address the GDPR, there’s no need to panic just yet. Northdoor has the business and technical expertise to help you review your current position, and design and deliver a programme to enable compliance within the deadline.
And for those of you who have been trying to meet both sets of regulatory requirements: you may have noticed that getting MiFID ii and the GDPR to work together can be difficult. As a simple example, MiFID ii will require institutions to share their customers’ personal data – such as National Insurance numbers – with all the relevant exchanges. Of course, the dissemination of this kind of data is precisely what the GDPR is trying to regulate, so alarm bells should be ringing. Do you need customer consent to share their personal information with the exchanges? Or does this fall under the ‘lawful grounds’ or ‘legitimate interest’ sections of the GDPR?
For advice on squaring the apparently contradictory demands of MiFID ii and the GDPR, contact us.