Some companies try to point the finger at one another for responsibility or try to contractually allocate roles. However, an incorrect qualification can result in companies trying to meet the wrong GDPR obligations. This brings us to the question: "What is meant by purpose and means of the processing, and when are you considered to determine them?"
On October 3rd 2017, the EU’s Article 29 Working Party (WP29) adopted its draft of ‘Guidelines on Personal data breach notification under Regulation 2016/679 [General Data Protection Regulation]’. Even though the document is still open for comments by stakeholders until November 28th, this article takes a preliminary look at the guidelines’ main takeaways and recalls the data breach obligations arising from other instruments that payment-, communication- and internet service providers might also have to comply with.
Ecommerce merchants, PSPs, fintech companies and financial institutions use big data technologies to improve customer intelligence, reduce risk, and meet regulatory objectives. For all companies doing business in Europe, including those based in the US or elsewhere outside the EU, it is crucial to align business operations with the General Data Protection Regulation (GDPR) that will come into force on 25 May 2018.
The General Data Protection Regulation, which saw the light of day in spring last year, is set to apply from 25 May 2018. This means that businesses and organizations of all shapes and sizes have about 16 months to prepare themselves to comply with the new set of data protection rules. However, this preparation is easier said than done.
At the end of November 2015, BIS’ Committee on Payments and Market Infrastructures published its report on digital currencies. The report describes the development of digital currencies and the implications for central banks, financial market infrastructures, the economy of digital currencies and the underlying decentralised payment mechanisms.
Read the press release of BIS: BIS Reports on Digital Currencies.
What does the new Payment Services Directive mean for (Controlled) Access to the Account, XS2A, API Banking, Disruptive FinTech Start Ups, Security Guidelines, strong customer authentication, Open Banking, TPPs...?
In 2006, the Belgian national security services raised the issue of the unlawful acquisition of companies’ confidential information. By 2013, a quarter of all Belgian companies had reported at least one such case; an increase of 7% on the previous year. Since then the situation has worsened as many companies continue to either ignore or insufficiently protect themselves against business espionage.
The proper protection of company secrets, trade secrets and business secrets - in short, an organisation’s know-how - is crucial for maintaining a company’s competitive position.
The proposed EU Regulation on electronic identification and trust services for electronic transactions in the internal market has now been adopted, with most of its provisions taking effect from 1 July 2016. The Regulation will not only repeal the existing eSignatures Directive, it will also automatically replace any inconsistent national laws in Europe.
After ten years, the Belgian tax shelter regime has been reformed. The amendments will be effective when the Law of 12 May 2014 amending article 194 ter of the 1992 Code of Income Taxes enters into force.
Over the past year the Belgian parliament has been especially busy in the field of economic law and has created a new Code of Economic Law. On 31 May 2014 some important parts of this Code entered into force. This article briefly discusses the changes brought to Belgian consumer rights and protection legislation and to the legislation on pre-contractual information in commercial cooperation agreements.