From the GDPR Effective Date, the GDPR will be the main instrument governing EU data protection law across all Member States and equivalent jurisdiction (Jersey and Guernsey being 2). The Directive, which is almost 20 years old, will be repealed. However, the relationship between the GDPR and some other laws remains unclear and is subject to guidance from the European Data Protection Board [EDPB] that will not be published for some time.

All types of organisations are affected by the adoption of the GDPR; however, the potential uncertainty regarding the relationship between the GDPR and other laws is likely to be an issue for FINANCIAL SERVICES PROVIDERS in particular.

Organisations (and in particular, Financial Services Providers) should identify whether there are any rules to which they are presently subject, that are likely to conflict with the GDPR.

Where relevant, industry associations should prepare submissions in the first instance to the Emma Martins, at the Office of the Information Commissioner requesting or proposing clarifications on key areas.