Interested in training for your team? Click here to learn more

Compliance With New EU GDPR: Steps Investment Funds, Banks, Advisers and Financial Intermediaries Should Take Now

Revising Service Agreements and Internal Controls; Enhanced Disclosures, Higher Penalties

Recording of a 90-minute premium CLE webinar with Q&A

This program is included with the Strafford CLE Pass. Click for more information.
This program is included with the Strafford All-Access Pass. Click for more information.

Conducted on Wednesday, April 25, 2018

Recorded event now available

or call 1-800-926-7926

This CLE course will discuss the first crucial steps for fund managers, investment advisers, broker-dealers and other participants in the investment fund industry to comply with Europe’s new data protection regulation. The panel will examine contractual revisions and internal governance measures that controllers and processors of personal data should put in place now.


Effective May 25, 2018, the EU General Data Protection Regulation 2016/679 (GDPR) will replace the existing data protection framework, introducing enhanced obligations and substantially higher penalties for noncompliance. The GDPR expands the territorial scope of its data protection regime to include any U.S. companies that maintain personal data on European citizens regardless of whether they have any business operations in Europe.

The GDPR distinguishes between data controllers and service providers. Every entity in the funds industry ecosystem that handles personal data—including fund vehicles, investment managers, transfer agents, trustees, depositaries and administrators—must assess whether they qualify as a controller that exercises control over the processing of personal data, or a processor of personal data on behalf of data controllers.

Counsel must be able to help funds and other market participants assess their policies and practices around transparency, accountability and data governance; review subscription agreements, disclosures, data processing terms in service agreements and other data-related documents; and implement any changes required to ensure compliance with the GDPR before it goes into full force.

Listen as our authoritative panel discusses best practices for compliance with GDPR. The panel will discuss specific revisions that should be made to service contracts, privacy disclosures and other documents, how to adjust internal controls and reporting practices, and other steps to better comply with the new regime.



  1. GDPR
    1. Changes from previous regulation
    2. Companies with EU personal data are now subject to regulation
    3. Controllers vs. processors of data
    4. Data protection officers
  2. Framework for compliance
    1. Review and update privacy notices
    2. Review legal bases for data processing
    3. Review procedures and policies to comply with data subject rights
    4. Review and update data processing agreements
    5. Assess joint control instances
    6. Develop data breach procedures
    7. Implement data transfer mechanisms


The panel will review these and other crucial issues:

  • What are the key features of the new GDPR?
  • How should U.S. investment funds and related businesses determine if they are subject to the GDPR?
  • How do the obligations of data controllers vary from those of data processors?
  • What steps should companies and their counsel take now to ensure compliance with the GDPR?


Scott, Gretchen
Gretchen E. Scott

Goodwin Procter

Ms. Scott’s technology transactions practice is sector agnostic and reaches across key industry verticals, such...  |  Read More

McMullon, Kelly
Kelly McMullon

Proskauer Rose

Ms. McMullon is a member of the firm's International Labor & Employment Group. She assists clients in a wide...  |  Read More

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video