MiCA data-handling evidence
A source-backed, conservative evidence checklist for CASPs mapping personal-data processing touchpoints around competent authorities, EBA, ESMA, supervisory cooperation, and public-register hygiene.
Informational only. Not legal, regulatory, brokerage, underwriting, or insurance advice.
Data protection: ESMA's Interactive Single Rulebook publishes Regulation (EU) 2023/1114 Article 101 with the title “Data protection”. Public Article 101 text states that, for processing of personal data within MiCA, competent authorities carry out their tasks in accordance with Regulation (EU) 2016/679.
The same public text states that processing of personal data by EBA and ESMA for MiCA purposes is carried out in accordance with Regulation (EU) 2018/1725. For CASP evidence packs, the useful move is a source-linked processing map and handoff log, not a conclusion about any firm's data-protection status.
This page is a record-preparation checklist. It is not a legal interpretation, privacy assessment, data-protection opinion, supervisory-response instruction, authorisation opinion, provider endorsement, broker recommendation, or assurance about any firm, authority, processing activity, personal-data field, register entry, communication, or fact pattern.
Map personal-data fields touched by MiCA evidence workflows: applicant identity files, management-body records, qualifying-holder materials, complaints, client communications, competent-authority correspondence, and register updates.
Track whether data moves through a national competent authority, EBA, ESMA, or a public-register process, with source URL, retrieval date, evidence owner, and unresolved external-advice questions.
Connect personal-data handling notes to Article 100 professional secrecy files and Article 109 ESMA register hygiene so teams separate confidential supervisory material from public register fields.
Preserve access ownership, retention assumptions, version history, correction workflow, incident escalation, and Article 94 information-request dependencies before sharing evidence with counsel, auditors, partners, brokers, insurers, or internal-risk reviewers.
Article 101 is publicly titled “Data protection”. Public text covers processing of personal data within MiCA by competent authorities, and by EBA and ESMA for MiCA purposes, by reference to Regulation (EU) 2016/679 and Regulation (EU) 2018/1725.
CASP authorisation, governance, complaints, supervisory-response, and register workflows can include personal data. A practical evidence pack should preserve source, owner, route, access, correction, retention, and unresolved external-advice notes.
No. This page does not decide data-protection status, lawful basis, disclosure status, or register-publication outcomes. It helps teams preserve a source-backed handling record for qualified legal, regulatory, competent-authority, partner, broker, insurer, auditor, or internal-risk review.