The EU General Data Protection Regulation

08 June 2016

The EU data protection landscape, having remained largely unchanged since 1995, is now on the brink of a radical transformation. After extensive negotiations, the GDPR was formally adopted on 4 May 2016 and is set to replace most EU data protection legislation, including the DPA in the UK.

 

Unlike the current Directive, the GDPR will be directly applicable in all EU Member States without the need for national legislation. It will apply from 25 May 2018.

The GDPR brings new concepts into the regulatory spotlight, including profiling and the right to be forgotten. It imposes extensive new obligations on businesses and transforms the role of the Data Processor. Rights for individuals are significantly strengthened, and fines for breaches increase dramatically, from £500,000 under the DPA to up to €20,000,000 or 4% of annual worldwide turnover under the GDPR.

This Brochure aims to explain the main differences between the Directive/DPA and the GDPR. We have used weather-themed icons to categorise the changes, so that you can see at a glance how each may affect your business.

Please see our Glossary on page 21 for an explanation of the defined terms and abbreviations that we have used in this Brochure.

If you would like more information on the GDPR or the DPA, please contact Ian Stevens, Emma Burnett, John Armstrong or Loretta Pugh.

 


Recent decisions

  • Final Notice Plus500UK Limited

    Party: Plus500UK Limited
    Date: 17/10/2012
    Regulator: FSA
    Summary: The firm was fined for failing to provide accurate and timely transaction reports to FSA in respect of all the reportable transactions they carried out. Between 29 June 2010 and 5 November 2011 the firm, an online CFD trading facility provider, conducted 1,332,000 reportable transactions. However, the firm failed to report any of these accurately and failed to report 189,000 of them at all. The firm’s systems and controls were inadequate in that it failed to set up appropriate reporting systems, did not have any documented procedures in place in relation to transaction reporting and failed to provide any relevant training to staff. It therefore breached rules in SUP 17 of the FSA Handbook and Principle 3 of the FSA’s Principles for Business. The firm has taken steps to improve its processes and resolve the errors, resubmitting reports to FSA where necessary, cooperated with FSA and settled at an early stage, qualifying for a 30% discount. It is noted that this was the first regulated firm to be fined in respect of transaction reporting failures under the new FSA penalties policy. This policy was established to provide a consistent and more transparent framework for the calculation of financial penalties. The regime came into force on 6 March 2010 and applies to any breaches which occur on or after that date. As a result the penalty imposed on Plus500, which was based on the number of affected transactions, was larger than it would have been under the previous regime.
    Firm/Individual: Firm
    Subtype: Final Notice
    Value of Fine: £205,128
    Principles Broken: PRIN - Principle 3, SUP 17
  • Final Notice: Forex Capital Markets Ltd / FXCM Securities Ltd

    Party: Forex Capital Markets Ltd / FXCM Securities Ltd
    Date: 26/02/2014
    Regulator: FCA
    Summary: FCA has fined the firms £4,000,000 for allowing the US-based FXCM Group to withhold profits worth approximately £6m that should have been passed on to the firms’ UK clients. It is noted that the firms also failed to tell FCA that US authorities were investigating another part of the FXCM Group for the same misconduct. FXCM UK placed OTC foreign exchange transactions (rolling spot forex contracts) on behalf of retail clients, which were then executed by another part of the FXCM Group. Between August 2006 and December 2010, the FXCM Group kept profits from favourable market movements between the time the orders were placed by FXCM UK and executed by the FXCM Group, while any losses were passed on to clients in full (“asymmetric price slippage”). The firms also failed to check that order execution systems were effective, and whether order execution policies complied with FCA’s rules on best execution. Once it became aware of the US investigation in August 2011, FCA moved to review the firms and secure redress for affected consumers (who will be fully compensated, with credit automatically paid to their accounts). In addition, FCA is conducting a thematic review of firms’ execution practices, including the way services are described to clients and arrangements for order execution and review. FCA expects to publish the results by the end of Q2 2014.
    Firm/Individual: Firm
    Subtype: Final Notice
    Value of Fine: £4,000,000
    Non-financial penalty: Public censure
    Principles Broken: PRIN - Principle 6, PRIN - Principle 11

Future Dates

* Estimated date

  • In the course of 2017

    The next phase of the post-implementation RDR review will be published by the FCA during this year, to be followed by a third phase of the review which will consider the longer-term implications.

  • *Q4 2017

    Quarter in which ESMA is expected to publish the results of the EU-wide CCP stress test.

  • 31 December 2017

    EBA guidelines on liquidity coverage ratio disclosure apply as of this date.