Instead, firms must approach MiFID II and GDPR as a single challenge, and develop or adopt solutions that can fulfill both sets of requirements. Read the PDF or visit us at https://bit.ly/3hwcFKA for more information.
BUILDING A DATA MANAGEMENT BLUEPRINT
The first half of 2018 saw two major legislative frameworks come into
force, both within the European Union. In January that year, the revised
Markets in Financial Instruments Directive (MiFID II) rolled out.
Designed as part of financial industry reform legislation, MiFID II
covered — and continues to cover — assets and professions in the EU’s
financial services industry. A few months later, in May, the General Data
Protection Regulation (GDPR) arrived, covering data protection and
privacy in both the EU and European Economic Area, as well as the
transfer of citizens’ personal data outside these two areas.
Both sets of rules provide a sturdy but flexible framework that should
dictate data management within a firm. Both reporting requirements
are in-depth and mean that a range of data types must be aggregated
in order to build reports. While MiFID II is most heavily focused on the
financial markets, GDPR also impacts financial services when it comes
to areas like the right to data erasure and right to be forgotten, as well
as the potential impact of fines for regulatory infringements and data
breaches.
HTTPS://WWW.SHIELDFC.COM/
MAKING TRADE COMMUNICATIONS SEARCHABLE
In order to support trade reporting and best execution, firms must
ensure that all trading communications made between regulated
firms and clients are recorded and made searchable. This includes
telephone calls, emails, documents, and any instant messaging
platforms used as communication channels.
At face value, firms might consider the requirements to both
gather and store data under MiFID II — including personal details
of traders — to contradict GDPR guidelines, which are built around
user privacy and limiting the processing of data. In short, GDPR
appears to go against MiFID II by giving individuals the power over
what firms are able to do involving their personal data.
MANAGING BOTH FORMS OF LEGISLATION
The interconnectedness of these two crucially important pieces of
legislation means that any technology solutions must be able to help
manage both. Firms that have adopted a siloed approach to data
capture under MiFID II face serious problems if the MiFID II systems are
not GDPR compliant. This creates big risks around security, privacy, and
accessibility of data, along with data processing.
Instead, firms must approach MiFID II and GDPR as a single challenge,
and develop or adopt solutions that can fulfill both sets of
requirements. Using a truly hybrid technology model such as the ones
developed by Shield — which provides granular access controls when it
comes to classifying communications, mapping personal information,
and creating custom data masking levels — can ensure
communications are monitored securely and in compliance with all
privacy regulations, thereby reducing risk. Doing this in a way that is
both automated and centralized makes it possible to see sequential
flows of trading events in a way that can be easily reconstructed.
MiFID II and GDPR regulations and enforcement will only become more
stringent. Neither set of rules is new anymore, meaning that there are
zero excuses for failing to comply. If they haven’t already, firms must
make sure that they take the right precautions now, rather than risk
being caught short at a later date.