GDPR – Getting Data Protection Right for Asset Managers

Data is now the most valuable commodity in the modern economy, making it a target for those who wish to exploit it by any means necessary. Regulators are scrambling to keep up and ensure personal data is not compromised. On May 25th, the EU will implement unprecedented data protection regulations. Rarely a day passes without a report of a data breach, hack, or cyber threat. Last week, the Securities Exchange Commission announced that hackers had breached its systems, resulting in the intruders making illegal profits leveraging the stolen information. This disclosure follows on the heels of the Facebook Cambridge Analytica breach, currently in the news. Global regulators are requesting more data from banks and asset managers for regulatory reporting, increasing the volume and detail of data flow, which then increases the risk confidential information will end up in the wrong hands. Asset management is no stranger to personal, sensitive, and valuable data. To comply with regulations and retain trust with investors, cybersecurity must rank highly among the business priorities of asset managers. The implementation of the upcoming General Data Protection Regulation (GDPR) aims to move cybersecurity standards to the next level.

Europe Gets Serious on Data Protection

GDPR represents the EU’s attempt to boost data protection standards across all industries. GDPR replaces the existing patchwork quilt of country-level data protection rules, harmonising standards and obligations  across all EU member states. It applies to the processing of personal data by controllers and processors in the EU even if the processing takes place in another part of the world. Hence, global asset managers, UCITS management firms and Alternative Investment Fund Managers all fall within the scope of GDPR. GDPR ushers in an era that acknowledges the volume and value of personal data in the modern digital world. It sets stringent parameters on the use of personal data and substantially increases EU citizen’s rights regarding use of their confidential information.

GDPR in a Nutshell

*Provides EU citizens with greater consent rights & a “right to be forgotten” *States personal data should only be retained when necessary & not kept just in case *Mandates appointing of a data protection officer *Outlines timeline for reporting data breaches *Imposes third-country standards for transfer of data to & from the EU *Enforces sanctions & fines for beaches or compliance failures.

Asset Manager Specifics

There are two specific areas of sensitivity for asset managers operating under GDPR: Transmission of personal data and the overlap with other regulatory reporting requirements, such as MiFID II. The transmission of confidential employee, company, or investor information is fundamental to asset management. The management company, fund or appointed delegates retain shareholder details as required by regulation. Many of the concepts contained in GDPR on the use and protection of personal data already exist in the industry, however the rules are codified more specifically, obligations increased and the consequences resulting from breaches are much sterner under the GDPR ruleset. If a data breach does occur, GDPR imposes fines of up to 4% of annual turnover. It also mandates that breaches are communicated within 72-hours, emphasising the need to quickly identify a breach and send efficient notifications. Asset managers also need to fully understand how MiFID II’s transaction reporting requirements intersect with GDPR. Personal details of the person executing the trades must be securely transmitted to the regulator, in this case ESMA. This new requirement removes anonymity from trading, but could also create a new type of personal data risk to asset managers complying with the reporting requirements.

With less than 63 working days before the compliance deadline, senior management needs to accept that there is no avoidance of GDPR. GDPR will curb the digital wild west and improve protection of personal data, but the cost of implementation could be high and now is the time to get started to meet the compliance deadline of May 25th, 2018.

For further advice and assistance about GDPR Gap Analysis and Data Management Audits, contact  Storm IT Financial and find out more information on Hedge Fund, Asset Management, Private Equity & Alternative Investment disaster recovery, back up, cyber security & firewall solutions, security education seminars, regulatory & Compliant  Solutions , data storage, helpdesk support, cloud & IT Services.

Storm IT Financial FinTech News & Trends picks: Week 19th Mar – 23rd Mar 2018

Global Regulators Expand Their Remits to Cyberspace

Cybersecurity’s been growing in importance for more than a decade and regulators are introducing new cybersecurity regulation aimed at…:

https://ontheregs.com/2018/03/19/global-regulators-expand-their-remits-to-cyberspace/

Bloomberg and Thomson Reuters lose market share to smaller rivals

Global spending on financial market data, analysis and news topped $28bn in 2017, with Bloomberg & Reuters both losing market share:

https://www.finextra.com/newsarticle/31856/bloomberg-and-thomson-reuters-lose-market-share-to-smaller-rivals

10 RegTech Companies Making Waves in the Industry

Against soaring regulatory costs and FinTech innovation, RegTech gained

popularity. We take a look at some promising RegTech companies:

https://www.disruptordaily.com/10-regtech-companies-making-waves-industry/

Chancellor announces crypto task force

Chancellor Philip Hammond is to launch a cryptocurrency task force and further measures to support the fintech industry:

https://bit.ly/2G0LYMw

First blockchain structured product launched out of FCA’s sandbox

What is believed to be the first blockchain-based structured product has emerged from the Financial Conduct Authority’s regulatory sandbox:

https://bit.ly/2DOEAOq

British Chancellor to Turbocharge Fintech, New Crypto Taskforce to Launch

Chancellor Philip Hammond is set to launch a fintech strategy this week to bolster the industry in the UK:

https://www.trustnodes.com/2018/03/18/british-chancellor-turbocharge-fintech-new-crypto-taskforce-launch

Most businesses unprepared for digital transformation

Customer experience, business processes, and innovation are all im- portant considerations:

https://www.itproportal.com/news/most-businesses-unprepared-for-digital-transformation/

Threat of Russian cyber reprisal puts UK finance, power and water on high alert

Britain’s infrastructure ready as intelligence service warns of risk of virtual strike by Moscow:

https://bit.ly/2pzz792

Asset managers will rue failure to tackle costs

Amazon-type marketplace would be nightmare scenario for traditional fund houses:

http://on.ft.com/2DOQZla

Windows no longer Microsoft’s main focus that being the Cloud & Azure

Windows stagnant as cloud, enterprise booms:

https://bit.ly/2ud4A6r

Pontus Vision releases open source GDPR tool

London-based Regulatory technology (RegTech) Pontus Vision has released an open source GDPR tool:

https://bit.ly/2pynzDF

Gartner Survey Reveals ‘Business Value or Benefits Realisation’ Is the Leading IT Cost-Optimisation Priority for CIOs

IT cost optimisation in most firms is now largely focused on business optimisation rather than cost cutting….:

https://www.gartner.com/newsroom/id/3869163