Survey reveals lack of policies for obtaining client consent
The largest single change to privacy law in the world takes place next week but there is work to do among asset managers to ensure compliance.
The European Union’s GDPR (General Data Protection Regulation) comes into effect on May 25 and affects any business, anywhere in the world, that does business with EU.
Even those businesses that do not actively offer services in the EU could, in theory be caught out. For example, a Canadian financial advisor whose client moved to an EU country but continued to work with the advisor. The advisor would effectively be processing data about an EU resident.
Among the asset management industry, a new survey of hedge fund and PE fund managers by global investor services software firm Koger reveals that 91% of asset managers have taken steps to comply with the GDPR.
Almost two thirds of funds have updated data protection policies and procedures, 62% have hired a data protection officer and 53% have conducted training with employees involved in data collection and processing;
However, many funds have not dealt with the ongoing issues of client consent presented by the new regulation.
"While asset managers have been working toward GDPR compliance, our study shows that only about a third have procedures in place for client consent to data use. Just a small number have set policies to purge the data of clients and investors who no longer do business with the fund. Along with the prompt disclosure of data breeches, these are both key requirements of the regulation to protect consumers," said Ras Sipko, KOGER chief operating officer.
