How can wealth management firms become compliant with EU GDPR?

Olive Hawkins
May 8, 2018

It is widely recognised that customers' personal data must be given greater protection than existing regulation has previously allowed for.

Art. 33 GDPR introduces a new mandatory requirement for data controllers to notify the regulatory authority of personal data breaches with no undue delay and, where feasible, within 72 hours of awareness, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals. As businesses, you will have to review your practices to be able to show you have complied with the new requirements for handling data. "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or adjustment, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4 (2) GDPR).

Art. 13 and 14 of the GDPR require data controllers to provide much more detailed information to data subjects about the processing of their personal data (e.g. details of the period for which personal data will be stored, details of the data controller's legitimate interest, the data subject's right to withdraw its consent to the processing, the existence of rights to make subject access requests). The company stressed that the move is "to design for privacy in our business practices", rather than rely on the move as a shortcut to GDPR compliance. The GDPR applies to any business established outside the European Union that targets its activities to an European Union market.

As a practicing attorney that has been dealing with domestic and global data privacy for over 20 years, I can confidently state that the GDPR is comprehensive, but complicated. Ozar noted that: "As a consumer, I love a lot of things about the GDPR", though pointed out that the penalties for noncompliance-€20 million or 4% of annual worldwide revenue-"are terribad".

GDPR goes beyond trade data, as seen with MiFID II compliance, by setting out new responsibilities for the financial sector to adhere to regarding any personal data. A lack of standardisation in laws relating to data privacy has made it hard for businesses to ensure that they are not in breach of any law across jurisdictions. In fact, it is estimated that of the companies that will be subject to GDPR, as many as half will not be ready for the compliance deadline - but it is not too late to begin preparing.

Nicki Minaj announces her fourth album Queen
I'm not saying it in a cocky way'. "And I can just imagine how many girls wish they could've been on a song with Nicki Minaj ". "Motorsport" collaborators Minaj and Cardi seemingly mended their relationship after running into each other at the Met Gala .

In Nigeria, the largest rescue operation of the hostages
About 110 girls were kidnapped on February 19 by Boko Haram from a school in Dapchi town, and most were later released. The army says it has rescued over 1,000 people who were captured by the Boko Haram insurgents in Borno state.

Cuomo calls for NY attorney general's resignation amid abuse allegations
The Associated Press is identifying the two women who spoke to The New Yorker because they agreed to tell their stories publicly. Both women say they never reported the allegations to the police, but did receive medical attention for their injuries.

Still, many organizations have not taken these critical steps.

The additional security measures that are enforced under GDPR reduces the likelihood and severity of a data breach, and makes data much more hard to access in the event of a cyber-attack. All companies however, regardless of size, should consider how GDPR applies to their business.

Individuals can also object to being solicited through direct marketing based on information collected and have the right to move data collected to another entity. Using an operational data hub - a virtual filing cabinet, built on a flexible, enterprise-grade NoSQL database with integrated Google-like search, which can hold a single, unified 360-degree view of all data - can pay dividends for data challenges where the data and requests from regulators change over time.

Michael Cohen is a principal and the privacy officer at the Gray Plant Mooty law firm, where he advises clients on legal matters involving data protection, privacy and security.

Other reports by

Discuss This Article