To the members of the regulatory committee:


Happy New Year to you all. Despite the holiday season Brussels has still been busy. The end of last year saw activity on the General Data Protection Regulation (GDPR) with the Article 29 Working Party issuing its first set of guidelines and the three supervisory authorities for the financial sector kick off a consultation on Big Data and this month we have already seen further work on SME Access to Finance as part of the Capital Market Union Action Plan. So all the indications are that this year (2017) will be another busy one in Brussels as regulators, policy makers and politicians continue to stimulate growth in Europe and protect citizens rights whilst trying to get their heads round the world of digital data.



On 16 December 2016, the Article 29 Working Party (WP29), the leading European Advisory Body on data protection and privacy, published three sets of guidelines intended to assist companies in their preparations for the implementation of the new EU General Data Protection Regulation (GDPR), which will become applicable in all EU Member States as of May 2018.

The WP29 published the following guidelines:

?  Guidelines on the right to “data portability” – providing guidance to data controllers regarding the new right to data portability, provided under article 20 of the GDPR.

?  Guidelines on Data Protection Officers (‘DPOs) – clarifying the provisions on regarding DPO to help data controllers and processors to comply with the law and to assist DPOs in their role. Under the GDPR, the role of DPOs is central for ensuring compliance with the new data protection rules. Therefore, under the GDPR, it is mandatory for certain controllers and processors to designate a DPO. This will be the case for all public authorities and bodies (irrespective of what data they process), and for other organisations that – as a core activity – monitor individuals systematically and on a large scale, or that process special categories of personal data on a large scale.

?  Guidelines for identifying a controller or processor’s lead supervisory authority – clarifying the rules on identifying the authority with the primary responsibility for dealing with companies engaging in cross-border processing of personal data.

Links to the documents:

– Guidelines on the right to “data portability”<>

– Guidelines on DPOs<>

– Guidelines for identifying a controller or processor’s lead supervisory authority<>


It has been established from our contacts in Brussels that the European Commission will further postpone the publication of its Action Plan on Retail Financial Services (initially scheduled for late summer 2016). The publication of the Action Plan is now expected in March 2017. The Action Plan will outline the regulatory and policy action the European Commission will undertake in the coming 1-2 years in various areas related financial services, including creditworthiness information.


This month (January 2017), the European Commission launched a Collaborative Platform on SME Access to Finance. The Collaborative Platform is part of the European Commission’s initiatives under its Capital Market Union (CMU) Action Plan aimed at improving SMEs’ access to finance and in particular to alternative (non-bank) sources of funding.

The Collaborative Platform will have three main objectives:

  1. Share information on good initiatives taken by public authorities or with their support to break down information barriers standing between SMEs and prospective investors and lenders
  2. Identify opportunities for action at European level to support Member States in need of help in their efforts to replicate successful approaches and develop their information architecture
  3. Give stakeholders the opportunity to propose complementary policy measures to address these information barriers in the context of the mid-term review of the CMU Action Plan.


On 19 December 2016, the three EU supervisory authorities for the financial sector – the European Banking Authority (EBA), the European Securities Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA) – launched a public consultation about the potential benefits and risk of Big Data for consumers and financial firms. The objective of the consultation is to collect feedback from a wide range of stakeholders regarding the use of Big Data in the financial services and to assess whether the any further regulatory or supervisory actions at the EU level are needed.

The deadline to respond to the consultation is 17 March 2017. BIIA will be responding to the consultation through ACCIS

Link to the consultation page:



Neil Munroe, is Deputy Managing Director  of BIIA and a member of the BIIA regulatory committee.  He can be reached at: CRS Insights Ltd – e:<> – m: +44 (0) 7710 844518, p: +44 (0) 1923 284604