Comparative Guides

Welcome to Mondaq Comparative Guides - your comparative global Q&A guide.

Our Comparative Guides provide an overview of some of the key points of law and practice and allow you to compare regulatory environments and laws across multiple jurisdictions.

FinTech
5. Data security and cybersecurity
5.1 What is the applicable data protection regime in your jurisdiction and what specific implications does this have for fintech companies?
Gibraltar

As in the other EU member states, the EU General Data Protection Regulation (2016/679) (GDPR) applies to the processing of ‘personal data’ and builds upon Gibraltar’s Data Protection Act 2004, which was designed to implement the EU Data Protection Directive (95/46/EC). The impact is therefore comparable to that in other EU member states, in that fintech companies that process personal data falling under the scope of the GDPR will be able to process such data only insofar as the processing is done in compliance with the GDPR.

Furthermore, the Communications (Personal Data and Privacy) Regulations 2006 implement into Gibraltar law the provisions set under the EU e-Privacy Directive (2002/58/EC). The regulations:

  • afford specific privacy rights in relation to electronic communications such as marketing calls, emails, texts and faxes;
  • regulate the use of cookies and similar tracking technologies;
  • impose obligations relating to the security of communication services (and data storage); and
  • set out specific reporting obligations for security and data breaches.

Fintech businesses are at the forefront of technological development, embedding technology within their financial services offering. Therefore, electronic communications are likely to form a core part of their offering and, as such, fintech businesses should comply with these regulations.

For more information about this answer please contact: Anthony Provasoli from Hassans
5.2 What is the applicable cybersecurity regime in your jurisdiction and what specific implications does this have for fintech companies?
Gibraltar

Under Principle 7 of the Distributed Ledger Technology (DLT) Regulations, a DLT provider “must ensure that all systems and security access protocols are maintained to appropriate high standards”.

Therefore, businesses that are regulated under the DLT Regulations must prove to the regulator, the Financial Services Commission, that their cybersecurity systems are of a high standard before they can obtain the licence that is required to begin operating in Gibraltar. This in turn leads to a more secure fintech industry.

For more information about this answer please contact: Anthony Provasoli from Hassans