Skip to content

MiFID, MiFID II and the GDPR

Laws and regulations are an important part of the SCOPE KYC Cloud solution. In collaboration with various lawyers, it was examined whether the solution complies with MiFID, MiFID II and the GDPR.

The asset manager and the client

The general trend is that more and more is being demanded of asset managers. New laws and regulations are created in rapid succession.

An example of this is the introduction of MiFID II (Markets in Financial Instruments Directive, the European investment directive) in January 2018.

This will lead to increasing pressure on the business model of asset managers, because complying with legislation and regulations takes a lot of time, money and effort. 

Not just MiFID II has an impact on the way of doing business

The General Data Protection Regulation (GDPR), which came into force on 25 May 2018, will also lead to increasing pressure. The current directive with regard to the protection of personal data has been implemented in the Personal Data Protection Act (Dutch Wbp). 

The SCOPE KYC Cloud solution meets a large number of requirements that are set in the AVG / General Data Protection Regulation 2018. Examples are dual access of the information of (transparency and correctness). The correctness is guaranteed by giving the customer the opportunity to adjust the data.

The Know Your Customer solution has a clear purpose and data limitation, which is determined by the relevant legislation.

Furthermore, a number of tasks and obligations laid down in the GDPR will be taken over by SCOPE as administrator of the SCOPE KYC Cloud database and by the Microsoft Azure Cloud Platform.

The Microsoft Azure Cloud Platform has been chosen by SCOPE to host the SCOPE KYC Cloud solution. The Microsoft Azure Cloud Platform has committed to comply with several aspects of the GDPR.

How is the General Data Protection Regulation implemented in the SCOPE KYC Cloud portal?

  • Correctness

    The GDPR states that the personal data must be correct and remain correct. The correctness is guaranteed because the client has the option to adjust his or her data.

  • Transparency

    The client whose data is processed belongs to this informed, has given permission for this, and knows his rights. Transparency is created because the client has full insight into the stored data and will always have access.

  • Data restriction

    Only data that is necessary for the intended purpose is collected.

  • Storage restriction

    The personal data may not be kept longer than necessary for the intended purpose. This responsibility lies with the asset manager / advisor.

  • Purpose limitation

    The personal data is legitimized for a specific purpose, and may not be used for other purposes. The SCOPE KYC Cloud solution has a clear purpose and data limitation, which is determined by the relevant legislation.

  • Integrity and confidentiality

    Personal data must be protected against unauthorized access, loss or destruction. The Microsoft Azure Cloud Platform has been chosen by SCOPE to host the SCOPE KYC Cloud solution. The Microsoft Azure Cloud Platform is committed to comply with several aspects of the GDPR.

  • Portability

    A client can request the transfer of data, for example on behalf of another asset manager. Compliance with this obligation lies with the asset manager / advisor.

  • Accountability

    The controller must be able to demonstrate that he complies with these rules. By demonstrating that the SCOPE KYC Cloud portal meets the requirements of the GDPR.