The imminent implementation of the General Data Protection Regu­lation (GDPR) will bring about significant changes to the way in which businesses process personal data. The GDPR applies to any personal data that may directly or indirectly lead to the identification of a natural person.

One aspect of these changes that is often overlooked is that the GDPR applies to employees’ as well as to clients’ personal data. As a result, most businesses are likely to be affected by the GDPR in some way or another.

But there is more to contend with. The 4th Anti-Money Laundering Directive (4AMLD) was transposed into Maltese law with effect from January 1, 2018. Dovetailing the requirements ema­nating from these two regulatory regimes may prove hardly straight­forward: indeed, balancing their respective conflicting exigencies is likely to be challenging.

It is important to explore three distinct facets of this rapid­ly escalating conundrum.

In seeking to fulfil anti-money laundering (AML) obligations by undertaking projects such as the installation or upgrading of screening tools, the introduction of regulatory technology in know-your-client/customer due diligence processes, the development of data mining of customer data for detection of suspicious activity, and simi­lar measures, the preservation of data privacy standards under the GDPR may be compromised.

It is also interesting to consider the implications that both the 4AMLD and GDPR will have on the future development of nascent technologies. There is much specu­lation surrounding the potential use of artificial intelligence in the monitoring and compliance as­pects of AML practices. However, artificial intelligence is only as good as the data it is fed. To this end, it would be unfortunate if the strict application of the GDPR were to result in the development of innovative technology being inhibited.

On the other hand, it may be argued that the need for protection of the data subject underlying the GDPR outweighs the potentially advantageous functions of these data-thirsty technologies.

A third view is that emerging technologies such as artificial in­telligence and blockchain should actually be considered, and en­dorsed, as valuable tools for the facilitation of compliance with both the GDPR and 4AMLD.

Another fertile ground for questions relating to data protection and AML obligations is the changing regulatory landscape of remote and land-based gaming and gambling. On February 5, the Malta Gaming Authority, in collaboration with the Financial Intelligence Analysis Unit, published a revised consultation document on the application of AML and counter financing of terrorism obligations in the remote gaming sector. This document raises several important questions as to the ways in which licensees can balance their AML and data protection obligations and the expectations of regulatory authorities thereon.

These, among the other themes, will be discussed at Camilleri Preziosi Advocates’ Data Protection and AML Conference, to be held on Friday from 2 to 6pm at the Palace Hotel, High Street, Sliema. Visit www.camilleripreziosi.com for more information or e-mail conferences@camilleripreziosi.com to reserve a place.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.