Abstract
This chapter explores some special rules for the overall processing and transfer of personal data as detailed in Article 28. The exchange of information is part of the cooperation between the competent authorities, between a competent authority and the European Securities and Markets Authority (ESMA), or between a competent authority and authorities of third countries. The exchanged information may contain personal data; therefore, special provisions concerning the processing of this information are required. Article 28 obliges the competent authorities to carry out their duties specified in this Regulation in accordance with the GDPR (2016/679/EU). The ESMA is further obliged to comply with the Regulation (EU) 2018/1725 when personal data are processed. According to the last sentence of Article 28, personal data shall only be retained for a maximum of five years.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
