Jump to Content Jump to Main Navigation

Part B Commentary, 4 ESMA and Competent Authorities, Art.28: Data protection

Edited By: Marco Ventoruzzo

From: Market Abuse Regulation: Commentary and Annotated Guide (2nd Edition)

Edited By: Marco Ventoruzzo, Sebastian Mock

From: Oxford Legal Research Library (http://olrl.ouplaw.com). (c) Oxford University Press, 2023. All Rights Reserved.date: 27 May 2024

Market abuse — Regulated activities — European Securities and Markets Authority (ESMA)

This chapter explores some special rules for the overall processing and transfer of personal data as detailed in Article 28. The exchange of information is part of the cooperation between the competent authorities, between a competent authority and the European Securities and Markets Authority (ESMA), or between a competent authority and authorities of third countries. The exchanged information may contain personal data; therefore, special provisions concerning the processing of this information are required. Article 28 obliges the competent authorities to carry out their duties specified in this Regulation in accordance with the GDPR (2016/679/EU). The ESMA is further obliged to comply with the Regulation (EU) 2018/1725 when personal data are processed. According to the last sentence of Article 28, personal data shall only be retained for a maximum of five years.

Users without a subscription are not able to see the full content. Please, subscribe or login to access all content.