Regulatory Alerts2017-12-28
Agreement of 20 December 2017 of the Council of the National Securities Market Commission creating a personal data file for possible infringement reports
The National Securities Market Commission (CNMV) issued an agreement on 20 December 2017 to establish a personal data file for managing reports of potential market abuse. This measure complies with Article 32 of the EU Market Abuse Regulation and Spanish Data Protection Law by ensuring the confidentiality and protection of both whistleblowers and suspected individuals. The file details the collection, storage, and security protocols for personal data submitted through specific CNMV channels.
OFFICIAL STATE GAZETTE No. 315 Thursday 28 December 2017 Sec. III. Page 129515
III. OTHER PROVISIONS NATIONAL SECURITIES MARKET COMMISSION 15707 Agreement of 20 December 2017 of the Council of the National Securities Market Commission, creating a personal data file for possible infringement reports.
Article 32 of Regulation (EU) No 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse (Market Abuse Regulation) and repealing Directive 2003/6/EC of the European Parliament and of the Council, and Commission Directives 2003/124/EC, 2003/125/EC and 2004/72/EC, establishes that Member States shall ensure that competent authorities establish effective mechanisms to allow the reporting of possible infringements or actual infringements of the said Regulation to the competent authorities. Specifically, point 2(c) indicates that these mechanisms include the protection of personal data of both the person reporting the infringement and the natural person allegedly responsible for its commission, including protection regarding the preservation of the confidentiality of their identity, at all stages of the procedure, without prejudice to the fact that such information may have to be communicated under national law, within the framework of subsequent investigations or judicial proceedings.
Given that the communication or notification of possible infringements contains personal data, it is necessary to create a personal data file, as required by Organic Law 15/1999 of 13 December on the Protection of Personal Data. In this regard, it must be noted that the creation, modification, or suppression of files by Public Administrations can only be done by means of a resolution published in the "Official State Gazette" or the corresponding official journal, in accordance with Article 20 of the aforementioned Organic Law.
Consequently, the Council of the National Securities Market Commission, in its session on 20 December 2017, has ordered the following:
The personal data file named "communication of possible infringements" is created, included in the annex to this Agreement, in compliance with the provisions of Article 20 of Organic Law 15/1999 of 13 December on the Protection of Personal Data.
Madrid, 20 December 2017.–The President of the National Securities Market Commission, Sebastián Albella Amigo.
ANNEX File: "Communication of possible infringements"
a) The purpose of the file and the intended uses for it: To carry out the appropriate management of communications regarding possible infringements in the securities market sector before the National Securities Market Commission that have been channeled through the specific means enabled for this purpose.
b) The persons or groups on whom personal data is sought or who are obliged to provide it: Any person who submits a report of a possible infringement of securities market rules to the CNMV, as well as all data of those affected by such reports. The data providers will be previously informed by the CNMV website of the existence and purpose of the system, its operation, and data protection.
cve: BOE-A-2017-15707 Verifiable at http://www.boe.es
OFFICIAL STATE GAZETTE No. 315 Thursday 28 December 2017 Sec. III. Page 129516
c) The procedure for collecting personal data: This is a partially automated procedure. Data will be collected through communications of possible infringements on paper, electronic media, by telephone, as well as through minutes obtained from "in situ" declarations.
d) The basic structure of the file and the description of the types of personal data included in it: Data of the reporter, such as name and surname, postal address, electronic address, and telephone number; data of persons who may be affected by the reports made; as well as any behavior, actions, or facts that may constitute violations of Securities Market rules.
e) The transfers of personal data and, where applicable, the transfers of data to third countries: Data may be transferred within the scope of cooperation with competent authorities of other Member States in accordance with the Securities Market Law.
f) The bodies of the Administrations responsible for the file: National Securities Market Commission, Calle Edison, number 4. 28006 Madrid, telephone 91 585 15 00.
g) The services or units before which the rights of access, rectification, cancellation, and opposition may be exercised: National Securities Market Commission.
h) The security means with indication of the basic, medium, or high level required: Medium.
cve: BOE-A-2017-15707 Verifiable at http://www.boe.es http://www.boe.es OFFICIAL STATE GAZETTE D. L.: M-1/1958 - ISSN: 0212-033X