1.5 Extra-Territorial Reach of Legislation Flashcards
Chapter 1 The International Regulatory Environment
A Singapore-based fintech firm collects behavioural data through a mobile investment app used by EU residents.
Which of the following statements best reflects the firm’s obligations under GDPR?
A. The firm is not subject to GDPR as it is not physically established in the EU.
B. The firm must appoint a Data Protection Officer within the EU and comply fully with GDPR.
C. The firm must comply with GDPR due to monitoring of behaviour within the EU, and appoint a representative in the EU.
D. The firm must comply only if it processes special category data such as political opinions or health records.
Correct Answer: C
Rationale:
GDPR applies extraterritorially to any non-EU entity that offers goods/services or monitors behaviour of data subjects in the EU. A representative in the EU is required, even if not established in the EU.
An analyst at a UK investment firm shares non-public performance projections with a hedge fund manager ahead of a trading recommendation. The instrument is traded on an MTF. Which regulatory breach is most relevant?
A. Violation of EMIR rules on OTC derivative clearing
B. Insider dealing under the Market Abuse Regulation (MAR)
C. Inducement rules under MiFID II
D. Failure to implement GDPR-compliant data policies
