Bringing you live news and features since 2013

Why 2017 must be the year of compliance. Part 1: GDPR

By George Ralph, RFA – It’s August already, and 2017 is over half gone. There are two major pieces of legislation coming into effect in early 2018, which will affect alternative investment firms in the UK, and firms worldwide who are holding data on European citizens, or trading with firms in the EU.

The EU General Data Protection Regulation (GDPR) represents the most significant change in global privacy law in 20 years. GDPR places important new obligations on any business that handles the data of individuals living in the EU, independent of where the business is located. The second regulation, absolutely critical for financial services firms, is MiFID II. MiFID II adds an extraordinary reporting and data collection burden onto buy and sell side firms, and will require a thorough overhaul of systems, policies and procedures in order to comply.

If you’re not already doing so, here’s how I believe you should be approaching the first of these two major pieces of legislation: GDPR.

1) Knowledge is power. Evaluate your existing data – understand where it is, why you have it, how old it is, who it belongs to and if the subject has given consent for you to hold that information.

2) Plan to carry out a Data Privacy Impact Assessment before processing any new personally identifiable information.

3) Map your data against GDPR regulations, specifically categorizing data so that it can be safely deleted at the end of the timespan, if the data is no longer needed for the original purpose, or if the subject requests it.

4) Ensure the data is stored according to GDPR regulation. Data should be secure. Tokenizing or encrypting data will keep it secure and authentic. Data should be portable. Use non-proprietary systems with open standards where possible, and ensure that all data and associated files can be transferred to another system when needed.

5) Understand the risk of non-compliance. Fines of up to £17m or 4% of annual turnover can be levied.

6) Consider trans-Atlantic data transfers and client handling activity, and ensure GDPR activities also meet US regulations like Privacy Shield.

7) Update internal policies and processes. Review and update privacy notices and create a GDPR compliant process for data access requests. Plan how requests to move or transfer data will be addressed.

8) Ensure widespread buy-in. Gather key company stakeholders and get them to read, input into and agree your GDPR action plan. Involve representatives from each department, front office, HR, PR, the board of directors, legal and compliance. 

If you are still in doubt about what to do and when you need to do it, the answer is to call a knowledgeable partner, now!
