The following article was contributed by the full-service accounting and advisory firm, Baker Tilly.
Asset management organizations including hedge funds, private equity entities, investment advisors and broker-dealers could be affected by GDPR.
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation that also applies to companies outside the geographic EU. It governs the collection, processing, use and storage of personal data relating to any individual in the EU (i.e., citizens, residents and visitors), as well as EU citizens living abroad. Read our overview to understand more.
How do I know if my company is affected?
The regulation applies to all organizations processing and holding the personal data of EU citizens, regardless of the organization’s location.
If you answer yes to any of these questions, you are likely affected:
- Do you have a physical presence in the EU?
- Do you have EU citizen or resident data stored in your databases? For example, customer, investor or employee contact data.
- Do you market to EU citizens or residents? For example, through conferences, events, advertising or website cookies.
What should I do now?
First, learn about your GDPR footprint through our quick assessment tool. Talk with your Baker Tilly advisor about conducting a GDPR readiness and risk assessment, and begin evaluating your current cybersecurity program in the context of GDPR compliance.
The GDPR regulations are far-reaching and many companies are unprepared for compliance. Don’t leave your organization exposed to regulatory fines; contact us to discuss your situation today.
Regulation impact
The GDPR will be enforced beginning May 25, 2018.
Noncompliance penalties are significant. Organizations in breach of the GDPR can be fined up to 4 percent of annual global revenue or €20 million (whichever is greater).