Compliance With New EU GDPR: Steps Investment Funds, Banks, Advisers and Financial Intermediaries Should Take Now

Revising Service Agreements and Internal Controls; Enhanced Disclosures, Higher Penalties

Recording of a 90-minute CLE webinar with Q&A


Conducted on Wednesday, April 25, 2018

Recorded event now available

or call 1-800-926-7926
Program Materials

This CLE webinar will discuss the first crucial steps for fund managers, investment advisers, broker-dealers and other participants in the investment fund industry to comply with Europe’s new data protection regulation. The panel will examine contractual revisions and internal governance measures that controllers and processors of personal data should put in place now.

Description

Effective May 25, 2018, the EU General Data Protection Regulation 2016/679 (GDPR) will replace the existing data protection framework, introducing enhanced obligations and substantially higher penalties for noncompliance. The GDPR expands the territorial scope of its data protection regime to include any U.S. companies that maintain personal data on European citizens regardless of whether they have any business operations in Europe.

The GDPR distinguishes between data controllers and service providers. Every entity in the funds industry ecosystem that handles personal data—including fund vehicles, investment managers, transfer agents, trustees, depositaries and administrators—must assess whether they qualify as a controller that exercises control over the processing of personal data, or a processor of personal data on behalf of data controllers.

Counsel must be able to help funds and other market participants assess their policies and practices around transparency, accountability and data governance; review subscription agreements, disclosures, data processing terms in service agreements and other data-related documents; and implement any changes required to ensure compliance with the GDPR before it goes into full force.

Listen as our authoritative panel discusses best practices for compliance with GDPR. The panel will discuss specific revisions that should be made to service contracts, privacy disclosures and other documents, how to adjust internal controls and reporting practices, and other steps to better comply with the new regime.

READ MORE

Outline

  1. GDPR
    1. Changes from previous regulation
    2. Companies with EU personal data are now subject to regulation
    3. Controllers vs. processors of data
    4. Data protection officers
  2. Framework for compliance
    1. Review and update privacy notices
    2. Review legal bases for data processing
    3. Review procedures and policies to comply with data subject rights
    4. Review and update data processing agreements
    5. Assess joint control instances
    6. Develop data breach procedures
    7. Implement data transfer mechanisms

Benefits

The panel will review these and other crucial issues:

  • What are the key features of the new GDPR?
  • How should U.S. investment funds and related businesses determine if they are subject to the GDPR?
  • How do the obligations of data controllers vary from those of data processors?
  • What steps should companies and their counsel take now to ensure compliance with the GDPR?

Faculty

Scott, Gretchen
Gretchen E. Scott

Partner
Goodwin Procter

Ms. Scott’s technology transactions practice is sector agnostic and reaches across key industry verticals, such...  |  Read More

McMullon, Kelly
Kelly McMullon

Atty
Proskauer Rose

Ms. McMullon is a member of the firm's International Labor & Employment Group. She assists clients in a wide...  |  Read More

Other Formats
— Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include program handouts. To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video

$297

Download

$297