The European Data Protection Board will soon decide if financial regulators around the world can freely engage in the exchange of cross-border information.
The European Union’s General Data Protection Regulation (GDPR), which gives consumers more control over their private data, went into effect in May. But finance regulators in the United States have said that the regulation is hindering the exchange of cross-border information, with the Securities and Exchange Commission (SEC) revealing that it has had to delete personal data from certain items to make exchanges, according to Reuters.
In fact, since GDPR came into play, regulators have used a “public interest” exemption to exchange information for certain cases such as insider trading or manipulating market benchmarks. The European Securities and Markets Authority has agreed to allow this exemption to continue until an “administrative arrangement” proposed by global regulators is approved. The European Data Protection Board (EDPB) is expected to make a decision on that early next year.
“This will be discussed and dealt with in the first quarter of 2019,” a spokeswoman for the EDPB said.
Although finance regulators are worried about breaking GDPR laws, just last week it was reported that only 29 percent of EU firms have fully implemented the regulation’s rules. A report from IT Governance found that while as many as 60 percent of firms surveyed were “aware” that they must respond to data subject access requests, only 29 percent had plans in place to address the rules. That lack of full compliance could lead to penalties that include 4 percent of a fined firm’s annual top line.
“It is discouraging to see so many organizations understanding the GDPR and its applicability to their businesses but failing to comply,” said Alan Calder, founder and executive chairman of IT Governance. “May 25 should have been the wakeup call, but it’s not too late to begin your compliance journey. The time is now.”