General Data Protection Regulation: GDPR
On May 4, 2016 the General Data Protection Regulation “GDPR” (Regulation 2016/679) was published in the Official Journal, replacing the former Directive. This revised directive will be applicable in all EU Member States as of May 25, 2018 and does not require the implementation of national legislation.
One of the key items addressed as part of this new Regulation is the requirement for ensuring that companies established outside EU Member States apply the same rules when they process personal data about an EU subject.
Key changes to be aware of:
The European Commission Publishes Draft ePrivacy Regulation:
On 10th January the European Commission (‘the Commission’) published the “Draft ePrivacy Regulation”, which intends to repeal Directive 2002/58/EC (‘the ePrivacy Directive’).
In light of the significant evolution that electronic communications services have undertaken in recent years, the Commission issued the Draft in order to ensure that the rules and developments in this area are in line with the General Data Protection Regulation (‘GDPR’). The intention was also to safeguard the potential for innovation whilst also maintaining appropriate levels of security and protection for customers.
Once passed, the ePrivacy Regulation will be applicable from 25 May 2018. Key items in the draft that ensure enhanced protection and new opportunities are:
GDPR will be enforced from May 2018 and will focus on data protection for individuals, further facilitating the control of personal data. The limitations of GDPR lie in its narrow focus on protecting individuals and their personal data. It does not extend to business-to-business communication or individuals in the instances where the communication does not include personal data.
The Draft ePrivacy Regulation complements GDPR to ensure that the fundamental right to protection, with respect to people’s private lives, is upheld throughout all digital communication.
The new ePrivacy rules give citizens and companies specific rights to protection that are not provided by the GDPR. For example, they guarantee the confidentiality and integrity of users’ devices (i.e. laptop, smartphone, tablets) as smart devices should only be accessed if the user has given their permission.
CRS Update: Cayman Islands “Second Tranche”
As an early adopter of the global Common Reporting Standards (CRS), in December 2016 the Cayman Islands Government approved the amendments to the CRS Guidelines applicable in Cayman (known as “Second Tranche”) to ensure an effective and appropriate implementation.
These amendments will be implemented in conjunction with the launch of the Cayman AEOI (Automatic Exchange of Information) portal to facilitate notification and filing (estimated completion by Q1 2017).
The Cayman Islands has also opted for a wider approach regarding CRS Due Diligence: taking into consideration that the list of Participating jurisdictions might be amended by the OECD at a later stage, it now looks to identify the tax status of all investors and their controlling persons – not only the ones deemed reportable.
CRS differs from FATCA in that every Cayman Financial Institution, whether classified Reporting or Non-Reporting, has an obligation to notify the Tax Information Authority (“TIA”) by April 30, 2017 via the updated Portal. In addition to the Principal Point of Contact, the notification must also include an individual that is authorised to provide the required information of any changes to TIA with respect to the notification.
The Financial Institutions that have already notified the TIA of their status, for FATCA purposes, must still update their notifications to confirm whether they are also reportable for CRS or not.
Along with the notification, CRS also imposes the obligation to report via the Cayman AEOI Portal by May 31, 2017. The reports will be applicable to:
Written Policies and Procedures:
Each reporting financial institution must establish and implement written policies and procedures to comply with CRS. These policies and procedures will have to address the obligations regarding due diligence, record keeping, notification and reporting to the TIA via the Cayman AEOI Portal, as well as information regarding the appointment of any third parties and cooperation with the TIA’s compliance measures.
By December 31, 2017, financial institutions are expected to ensure that Due Diligence Procedures are completed, at a minimum, for low-value pre-existing individual accounts and for entity accounts.
Going forward into 2017, Cayman reportable financial institutions will report on UK Reportable Persons pursuant to the CRS Regulations instead of the UK Regulations.
Penalties and Offences:
CRS offences are largely comparable to those detailed under FATCA, although the financial penalties for non-compliance are more severe – CRS penalties have increased: