Comparative Guides


FinTech
5. Data security and cybersecurity
5.1 What is the applicable data protection regime in your jurisdiction and what specific implications does this have for fintech companies?
France

Answer ... Data protection rules applicable in France arise from the General Data Protection Regulation (2016/679) (GDPR), which is directly applicable in France. The GDPR regulates the collection and processing of personal data, and specifies the rights of persons whose data is collected.

The key principles of the GDPR are as follows:

  • Personal data may be collected only with the agreement of the persons whose data is collected or if its collection is necessary for the performance of a contract or compliance with a legal obligation;
  • The amount of data collected should be reduced to a minimum when possible and stored for a reasonable duration;
  • The data must be accessible only by company employees whose functions require such access;
  • The persons whose data is collected have the right to access, rectify and erase their data; and
  • The company collecting personal data must implement adequate security measures.

The GDPR also regulates cross-border transfers of data. Generally speaking, personal data shall not be transferred to non-EU countries unless the third country is considered by the European Commission to offer the same degree of protection or adequate guarantees are implemented.

Although the GDPR is directly applicable, French law provides for some additional rules and procedures. The Commission Nationale de l'Informatique et des Libertés (National Commission on Informatics and Liberty) is the national authority which monitors data privacy issues and may impose sanctions on non-compliant entities.

For more information about this answer please contact: Hubert De Vauplane from Kramer Levin Naftalis & Frankel LLP
5.2 What is the applicable cybersecurity regime in your jurisdiction and what specific implications does this have for fintech companies?
France

Answer ... The regulation of cybersecurity arises from the transposition of the Network and Information Security Directive (2016/1148). The key obligation is the duty of entities designated as ‘operators of essential services’ to notify the Agence nationale de la sécurité des systèmes d'information (National Cybersecurity Agency of France) of any security breach or incident.

Most regulated financial and banking institutions are considered operators of essential services, which means that fintech companies that provide regulated services will normally be regarded as operators of essential services under this regulation.

For more information about this answer please contact: Hubert De Vauplane from Kramer Levin Naftalis & Frankel LLP