Market Monitoring - 03/06/2020

Application of the General Data Protection Regulation (GDPR)

The European Union’s Global Data Protection Regulation (GDPR) came into effect on May 25, 2018 and governs the acquiring, processing and storage of personal data of current and former EU residents.

The California Consumer Privacy Act (CCPA) came into effect on January 1, 2020 and governs how companies process data for individuals living in California.  In Brazil, the General Data Protection Law (LGPD) will come into force on August 16, 2020.

All of these regulations aim to protect individual rights. For IR teams, this implies in having candid conversations with their service providers on how they are processing data and what storage methods are used, especially regarding information security and data confidentiality at the source where information was collected:

  • Use of cookies in IR websites;
  • Registration data on platforms that require login and password;
  • Data obtained from the Webcast access form;
  • Data obtained from the Mailing registration form;
  • Data obtained from the Contact IR form;
  • How shareholder data from the custodian bank’s file is controlled.