General Data Protection Regulation (GDPR)
This page houses all information in relation to MOSL’s compliance with General Data Protection Regulation (GDPR) and compliance of the market and its Market Operator systems. Information on this page relates to MOSL’s obligations towards personal data held in the central market systems, rather than personal data it has collected and holds as a business (such as employee data).
Summary of Arrangements
Under the GDPR, data controllers who jointly control personal data must make available to data subjects a summary of the arrangements and allocation of responsibilities between them. Therefore, MOSL has provided a Summary of Arrangements that will be updated yearly (if required).
Record of Processing Activities
The GDPR requires data controllers to maintain a formal written record of processing activities under their responsibility. MOSL’s Record of Processing Activities sets out an overview of the procedures, including the legal basis, upon which personal data is processed.
For more information on the rights of data subjects and how to enact them, please refer to the Information Commissioner’s Office (ICO) website’s advice for the public.
Natural Persons Guidance
The Natural Persons Guidance document is designed to be a supplementary working document to support trading parties with identifying personal data, thus falling under the GDPR/Data Protection Act (DPA) scope. Please note access to this document is for members only.
Nominated Data Protection Contacts
The current list of nominated data protection contacts for all trading parties and the Market Operator is available here. This includes a primary contact for all data protection issues. Please note access to this list is for members only. The MOSL Data Protection Officer can be contacted on firstname.lastname@example.org.
Data Subject Rights Request Form
If a Data Subject Rights Request (DSRR) has been received and assistance is required from the Market Operator or another Trading Party, then a DSRR Record must be submitted using MOSL's secure management system, Kissflow. Guidance on the DSRR process and use of KIssflow can be found in the following guidance note.
The list of nominated DSRR contacts for all trading parties is available here. Please note access to this list is for members only.
Any changes to these nominated contacts for your organisation should be notified to MOSL promptly. Please provide details to email@example.com.
To keep the overall cost of Kissflow licence fees low for the industry, licences will be activated on request. Nominated points of contact will need to write to firstname.lastname@example.org to activate their licence when using it for the first time.