The General Data Protection Regulation (the “GDPR”) came into effect on 25 May 2018 and is designed to harmonise national data protection laws across the EU, while at the same time, modernising the law to address new technological developments. As a regulation, the GDPR is directly applicable, and therefore enforceable, in all 28 EU Member States. For an interesting summary, check out this infographic from the European Commission's official website.
However, for those entities based outside of the EU, but who may do business within, or market to, the EU, or have EU clients, you may be asking: how will the GDPR affect you? This question is the focus of this post, as entities based in the EU will, no doubt, have obtained advice locally with regard to their compliance requirements.
In a recent announcement, the Premier of Bermuda, David Burt, who is also Minister of Finance, made it clear that his intention is for a “new class of bank” to come to Bermuda, with legislation on the way to create new services to cater to Bermuda-based FinTech companies. This was due to the island’s fledgling FinTech sector facing “understandable resistance” from banks, as their business model “does not fit the mould of what we have come to know as Bermuda’s traditional model.”
During April 2018, the Government of Bermuda tabled the Companies and Limited Liability Company (Initial Coin Offering) Amendment Act 2018 (the “ICO Act”), introducing a statutory framework for initial coin offerings (“ICOs”). By implementing this new legislation, the Bermuda Government is hoping to lay the foundation for the jurisdiction to become a leading global blockchain and ICO centre. The ICO Act regulates offerings of ‘digital assets', which are meant to capture all of the various categories of digital coins and tokens (whether they be utility, securitized, equity or otherwise) being issued as ICOs and via token sales. The purpose of the ICO Act is to only regulate those ICOs and token sales which are public crowd funding or similar type projects. It is not intended to regulate either private sales or those which are engaged in the business of pure virtual currency issuances. Digital asset offerings will be conducted in accordance with the requirements of published regulations as well as ongoing supervision and compliance requirements, including AML/ATF.