Thu, May
76 New Articles

Large Body of New Regulation to Affect Financial Services and Data Protection

Large Body of New Regulation to Affect Financial Services and Data Protection

Czech Republic
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

Legislators on both the European and Czech level have been active in adopting new regulations that influence several areas of the modern economy. Financial services, with consumer finance on one side and markets in financial instruments on the other, have been at the center of these efforts. Financial regulation is not, however, the only measure heavily affecting banks, investment firms, and FinTech companies by putting new compliance requirements in place. Another huge legal instrument – the General Data Protection Regulation adopted on the EU level in 2016 – imposes new requirements on all companies dealing with personal data.

Consumer Finance and the New Consumer Credit Act

On December 1, 2016, the new Consumer Credit Act took effect in the Czech Republic. This new law was designed to clear the consumer loans market – which had been flooded by dubious businesses providing subprime loans for sky-high interest rates – by imposing vigorous regulatory requirements on non-bank providers of consumer loans, which until then had been able to conduct business on the basis of a simple trade license. 

Under the new Act, such non-bank providers need to obtain a special permit from the Czech National Bank (CNB), newly empowered with regulatory authority over the consumer loans market. These licenses can only be issued to companies with a registered share capital of at least CZK 20 million (approx. EUR 750,000). The procedure resembles the bank licensing process in its complexity. Each provider must submit several documents and internal policies to the CNB reflecting compliance with the Act’s requirements, including the professional capacity of employees and compliance with strict procedures regarding the assessment of creditworthiness, AML rules, policies for communication with customers and for enforcing claims, IT security, and so on. 

The “cleansing effect” of the new legislation is apparent from the fact that as of March 1, 2017, only 107 applications for the CNB permit had been filed, in part because many firms lacked the resources to comply with the capital requirements. Those providers filing applications before that date are permitted to continue their business until the CNB decides on their request. The CNB has up to 15 months to make its final decision on any application, and as of May 8, 2017, no permits had been granted.

A Major Overhaul in Personal Data Protection

The General Data Protection Regulation, intended to harmonize and modernize European data protection rules, will take effect and replace the existing laws of the EU member states on May 25, 2018. In the wake of the Regulation, various businesses began the process of reviewing their data processing activities and internal procedures to prepare for the new rules. 

Meanwhile, the European Data Protection Working Party, an independent EU advisory body on data protection and privacy, started issuing guidelines on the unclear elements of the Regulation. In one of the April guidelines, the Working Party has addressed a frequent question of many companies, especially Internet firms and FinTechs: Will we need to appoint a Data Protection Officer? 

Under the Regulation, a DPO (a designated person responsible for data protection compliance) is mandatory where the company’s core activities require regular and systematic monitoring of data subjects on a large scale or large scale processing of sensitive data. 

The Working Party’s opinion clarifies that “core activities” are those operations that are an inextricable part of the company’s activity and cites a hospital processing patients’ health records and a security company surveilling public space as examples. By contrast, a company’s processing of personal data of its own employees is merely an ancillary activity. “Regular and systematic monitoring” includes all forms of online tracking and profiling, including, among other things, processing for the purposes of data-driven marketing activities, credit scoring, or location tracking. Consequently, a DPO will be necessary in many technology startups and companies developing mobile apps or providing consumer loans online.

By Jan Kotous, Counsel, Head of Corporate/M&A, and Jan Gerych, Associate, Wolf Theiss

This Article was originally published in Issue 4.5 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

Czech Republic Knowledge Partner

PRK Partners, one of the leading Central European law firms, has been helping clients achieve their business objectives almost 30 years. Our team of lawyers, based in our Prague, Ostrava, and Bratislava offices, has a unique knowledge of Czech and Slovak law and of the business environment. Our lawyers studied at top law schools in the United States, United Kingdom, Switzerland and elsewhere. They also have experience working for leading international and domestic law firms in a number of jurisdictions. We speak your language, too. Our legal team is fluent in more than 15 languages, including all the key languages of the region.

PRK Partners has one of the most experienced legal teams on the market. We are consistently rated as one of the leading law firms in the region. We have received many significant honours and awards for our work. We represent the interests of international clients operating in the Czech Republic in an efficient way, combining local knowledge with an understanding of their global requirements in a business-friendly approach. We are one of the largest law firms in the Czech Republic and Slovakia. Our specialised teams of lawyers and tax advisors advise major global corporations as well as local companies. We provide comprehensive legal advice drawing on our profound knowledge of local law and markets.

Our legal advice delivers tangible results – as proven by our strong track record. We are the only Czech member firm of Lex Mundi, the world's leading network of independent law firms. As one of the leading law firms in the region, we have received many national and international awards, in some cases several years in a row. Honours include the Chambers Europe Award for Excellence, The Lawyer and Czech and Slovak Law Firm of the Year. Thanks to our close cooperation with leading international law firms and strong local players, we can serve clients in multiple jurisdictions around the globe. Our strong network means that we can meet your needs, wherever you do business.

PRK Partners has been repeatedly voted among the most socially responsible firms in the category of small and mid-sized firms and was awarded the bronze certificate at the annual TOP Responsible Firm of the Year Awards.

Our work is not only “business”: we have participated on a longstanding basis in a wide variety of pro bono projects and supported our partners from the non-profit sector (Kaplicky Centre Endowment Fund, Tereza Maxová Foundation, Czech Donors Forum, etc.).

Firm's website: www.prkpartners.com

Our Latest Issue