This past Monday, 18 April 2016, NautaDutilh Avocats Luxembourg organised a breakfast seminar on the new EU General Data Protection Regulation and its impact on the financial sector. The event took place at the Sofitel hotel in Kirchberg and was attended by members of the ABBL, the Luxembourg Stock Exchange as well as legal advisors, compliance officers and other financial professionals.
Technology and IP partner Vincent Wellens and his team, associates Anne-Sophie Morvan and Carmen Schellekens, welcomed the participants around a generous breakfast and updated the audience on the General Data Protection Regulation (GDPR), which was adopted by the European Parliament on 14 April 2016. The Regulation, which will enter into force 20 days after its publication in the EU Official Journal, will be directly applicable in all Member States two years after publication. In the meantime, companies and financial institutions must adapt their business and processes to the new rules. They will have, amongst others, to adapt their technology supplier contracts and client forms as well as their processes in the event of a data leakage. A data protection impact analysis is also needed and financial players have to rethink their technology procurement in the light of the new principles of privacy by design and privacy by default.
Vincent, Anne-Sophie and Carmen provided an extensive overview of the changes which will be introduced by the GDPR, compared to current law and hence identifying potential compliance gaps for financial institutions and their technology service providers. In addition, they offered practical insights into how to resolve conflicts between obligations stemming from the GDPR and other rules applicable in the financial sector, such as AML and MIFID legislation, and how to handle potential synergies between data protection compliance efforts and financial sector-specific obligations, such as those on data storage and bank secrecy.
The seminar concluded with a lively Q&A.