On May 25, 2018, the General Data Protection Regulation (GDPR) will come into effect and be applied uniformly within each European Union member state, affecting corporations around the world. As companies enter the transition period for the legislation, organizations will need to assess their approach to data protection, undertake a gap analysis between current processes and the new requirements, and then implement any changes or improvements that are required to achieve demonstrable compliance by May 25. Recently, a top analyst from GoBuyside, a 21st-century recruitment platform with a specialization in the financial sector, discussed the wide-sweeping implications we can expect the GDPR to have on the fund management industry.
The purpose of the GDPR is to affirm personal data protection as a fundamental right of the individual, and to introduce the concept of privacy “by design and by default.” In essence, it is a recasting of the principles and security obligations under the current EU Data Protection Directive. The design element of the regulation requires controllers to implement appropriate technical measures, organizational procedures and mechanisms that, “by default”, ensure the data can only be processed in accordance with the GDPR. An emphasis on transparency and accountability is another fundamental concept, with the legislation imposing new requirements relating to the analysis and documentation of data processing activities. Both controllers and processors will be held accountable and will be expected to demonstrate their compliance if necessary.
Unlike current data protection rules, which focus on data controllers that are established in the EU, the GDPR applies also to non-EU entities whose processing activities relate to offering goods and services to individuals within the Euro zone, said GoBuyside’s financial expert. As a result, investment fund companies, management firms, alternative investment fund managers (AIFMs), distributors, fund administrators and depositaries will each need to consider the extent to which they control or process personal data, whether relating to investors or their respective officers and employees, and ensure in each case they can operate in compliance with the upcoming legislation. The significant strengthening of protection rules emphasizes the need to ensure that each organization has full insight into the data flows concerning investor and other personal information that it controls or processes. In addition, appropriate notifications, processing agreements, transfer and security arrangements will need to be put in place to ensure the fundamental rights and freedoms of persons that are laid out within the GDPR.
GoBuyside is a 21st-century recruitment platform that works with private equity firms, hedge funds, alternative investment managers, advisory platforms, and Fortune 500 companies around the world to meet their staffing needs. By leveraging proprietary technology and a diligent approach, the world-class team has created a competitive advantage in both sourcing and screening top-tier candidates. With over 500 satisfied clients and a talent network that spans over 10,000 firms and 500-plus cities across the globe, GoBuyside has effectively disrupted the traditional search model.