FCA and ICO Publish Joint Update on GDPR

On February 8, the UK Financial Conduct Authority (FCA) and the UK Information Commissioner’s Office (ICO) published a joint statement on the EU General Data Protection Regulation (GDPR).

The GDPR will go into effect in the UK on May 25. The GDPR is designed to strengthen the rules governing data protection across the European Union and will be regulated and enforced in the UK by the ICO, as part of its continuing mandate for data protection regulation.

The FCA believes that the GDPR does not impose any requirements that are incompatible with the rules already detailed in the FCA Handbook.

The FCA goes on to state that compliance with GDPR is now a board-level responsibility, and firms must be able to produce evidence to demonstrate the steps that they have taken to comply. The requirement to treat customers fairly is also central to both data protection law and the current financial services regulatory framework.

While it is the ICO that will regulate the GDPR, the FCA notes that compliance with the GDPR requirements is also something the FCA will consider under its Senior Management Arrangements, Systems and Controls (SYSC) rules. As part of their obligations under SYSC, firms should establish, maintain and improve appropriate technology and cyber resilience systems and controls.

The FCA acknowledges in the statement, however, that there are still ongoing discussions to ensure specific details of the GDPR can be implemented consistently within the wider regulatory landscape. Discussions also are ongoing relating to the UK’s Data Protection Bill, which is progressing through Parliament. Although the GDPR directly impacts EU Member States, the GDPR also gives Member States limited opportunities to make provisions for how it applies in their country, and, therefore, the Data Protection Bill is required in the UK. As an aside, this scope for Member States to make additional provisions means that data protection rules across the European Union could vary slightly.

The statement indicates that the FCA and ICO are working closely together in preparation for the GDPR and, since 2014, the FCA and ICO have had a Memorandum of Understanding in place, laying out the formal relationship for the cooperation and coordination of their activities.

The statement is available here.

©2018 Katten Muchin Rosenman LLP

About this Author

Carolyn H. Jackson, International Attorney, Katten Muchin law firm
Partner

Carolyn Jackson is a partner in Katten Muchin Rosenman UK LLP and is a Registered Foreign Lawyer. She provides US financial regulatory legal advice to a broad range of market participants, including commercial banks, investment banks, investment managers, broker-dealers, electronic trading platforms, clearinghouses, trade associations and over-the-counter derivatives service providers.

Carolyn guides clients in the structuring and offering of complex securities, commodities and derivatives transactions and in complying with US securities and commodities laws...

+44 0 20 7776 7625
Nathaniel Lalone, Katten Muchin Law Firm, Financial Institutions Attorney
Senior Associate

Nathaniel Lalone, a partner at Katten Muchin Rosenman UK LLP, has a broad range of experience in the regulation of financial products and financial markets, and frequently provides regulatory and compliance advice to trading venues, clearing houses and buy-side firms active in the over-the-counter (OTC) derivatives, futures and securities markets. He is actively involved in advising clients on the implementation of MiFID 2 and MiFIR in the European Union as well as the international reach of US financial services regulation. He also has significant experience with structuring and documentation relating to OTC derivatives and structured products.

Prior to joining Katten, Nathaniel was a member of the US Regulatory and the Derivatives and Structured Finance practices at Allen & Overy LLP.

+44 0 20 7776 7629
Neil Robson, private equity fund managers counselor, Katten Law Firm, London
Partner

Neil Robson, a regulatory and compliance partner with Katten Muchin Rosenman LLP, focuses his practice on counseling hedge and private equity fund managers and other investment advisers on operational, regulatory and compliance issues. He regularly addresses Financial Conduct Authority (FCA) and EU authorization and compliance under both the EU Alternative Investment Fund Managers Directive (AIFM Directive) and MiFID, cross-border issues in the financial services sector, market abuse, anti-money laundering and regulatory capital requirements, formations and buyouts of...

44-0-20-7776-7666
Alan Meneghetti, Katten Law Firm, London, Corporate Law and Cybersecurity Attorney
Partner

Alan Meneghetti is a partner in the Corporate group at Katten Muchin Rosenman UK LLP. He undertakes a full range of commercial and regulatory work in the general commercial, aviation and aerospace sectors. His practice ranges from handling regulatory issues to the procurement of suppliers and responses to tenders, to data protection and privacy, information technology, intellectual property, and the drafting and negotiating of various commercial agreements, such as outsourcing, supply, service, and research and development. He has worked extensively on matters in Africa...

440-207770-5232