Reports: GDPR Compliance Costly and Operationally Challenging

An article by lawyers at Katten Munchin provides an overview of the EU’s General Data Protection Regulation (GDPR) which seeks to overhaul data protection standards across Europe. Affiliates of mutual funds may be affected by the standards, as opposed to funds themselves which typically do not possess customer data. According to the article, the GDPR “places obligations on asset managers who have an office in the EU/EEA; offer goods and services (such as managed account management services or fund management) to individuals located in the EU/EEA (regardless of whether a fee is charged for that service); or monitor the behavior of individuals located in the EU/EEA.” The GDPR became law on May 25, however the Financial Times observed that many businesses are unprepared to comply with the new rules and some countries have not yet passed the legislation necessary to implement GDPR on a national scale or to even enforce the rules. Also, compliance with the standards is proving expensive, according to the Wall Street Journal which cited research suggesting small firms could spend up to $5 million and large firms $25 million to become GDPR-compliant.