Towards coherent corporate governance and supervision of the management of personal data and digital infrastructures in financial sector entities

  1. Elena F Pérez Carrillo
Journal: Revista de derecho del mercado de valores

ISSN: 1888-4113

Year of publication: 2021

Issue: 29

Type: Article

Abstract

The security of financial sector networks and systems, or the Operational Digital Resilience of the networks and systems that support the activities of the financial sector, is at the forefront of the European agenda. The DORA Proposal, which reflects the European Commission's legislative draft for that purpose, will be a fundamental part of the sector's operations once it is approved. DORA poses major operational and governance challenges, both internal and external, for financial institutions (as well as for their digitised ICT service providers). In addition, it raises very important questions regarding the fulfilment of the data protection requirements that apply in the European Union. In this respect, the main challenges analysed here are the relationship between the corporate functions derived from the two frameworks, storage and impact assessments, outsourcing of certain digitised ICT services, international transfer of data (and services), and notifications to data subjects and supervisors. With the support of reports, doctrine and previous work, these pages provide a detailed overview of the aspects addressed, thus offering some ideas for the better integration of the projected Operational Digital Resilience Framework and European Data Protection Law, pending the final adoption of the Operational Digital Resilience Regulation.