GDPR – Do You Know Your EU Clients and Are You Ready to Protect Their Data?

Dna test infographic visualization. Big data code representation. Genome sequence map.

By Tim Buckler

General Data Protection Regulation (“GDPR”), a European Union (“EU”) regulation meant to protect the rights and data of EU residents (“data subjects”), comes into effect on May 25, 2018.  This regulation protects the data of EU residents regardless of who holds the data or where that data is held.

Will GDPR affect my firm?

All firms, regardless of where they are in the world, must determine whether they hold any data corresponding to a data subject (EU resident).  Many American firms believe that not having any clients with EU residency alleviates them of needing any remediation; however, most American firms will be affected by GDPR, especially if they do mass marketing.  Firms conducting mass marketing will need to remediate their email lists to GDPR standards or delete the emails from their list.

How do I know if my clients are EU residents?

This will require a search of not only current clients, but also previous clients, and if any data coincidentally corresponds to a data subject.  GDPR protects all EU residents regardless of their nationality.

What am I required to do?

Ultimately, GDPR requires firms to be able, at any time, to:

  • identify all data that pertains to data subjects;
  • know where that data is held;
  • how the firm received the data;
  • know how the firm uses the data;
  • know which third parties have access to that data and how they use that data;
  • know how and when the data subject consented; and,
  • be able to deliver, cease processing, or delete the data at the request of the data subject.

How Oyster Can Help:

  • Establish/implement initial and ongoing procedures to identify data subjects and the data attached to them
  • Determine if your firm’s practices require the appointment of a Data Protection Officer (DPO)
  • Draft policy and procedure enhancements
  • Test to determine if the actual practices meet what is stated in policies and procedures
  • Ensure data protection measures meet the standards of GDPR
  • Establish procedures to ensure data subjects provide informed consent to use the data with regard to mass marketing via email

About The Author

Photo of Tim Buckler

Tim Buckler has spent 10 years in the financial services industry, with a focus on project management, cybersecurity, data analysis, and compliance. Tim’s experience includes project management support for clearing platform conversions, cybersecurity assessments, GDPR and CCPA assessments, performing 12b-1 Mutual Fund fees analysis for regulatory initiatives, and ownership changes for custodial IRA held annuities.

Colored pencils stacked on top of each other
eBook

Download the Capital Markets Services eBook to learn about CAT Reporting, Trade and Position Reporting, Market Access and Best Execution.

Download
Capital Markets eBook Cover Skyscraper
Colored pencils stacked on top of each other

Related Content

Podcast

Oyster Experts Featured on Bond Dealers Association Podcast

Oyster’s Capital Markets experts were recently featured on the Bond Dealer Association’s podcast, “Bonding Time,” discussing issues affecting the U.S. fixed income markets.  The podcast, hosted by Michael Decker of BDA, covers: Listen to a sample of the podcast here: Capital markets are rapidly evolving. Technology innovations are creating a faster trading environment and the […]

Learn More
City architecture with orange beams

Blog

Consolidated Audit Trail Funding Model Amendment: Key Steps for Broker-Dealers

On September 6, 2023, the SEC announced approval of an amendment for a revised funding model for the Consolidated Audit Trail (CAT).  This revised model, called the “Executed Share Model,” defines the fees and how they will be allocated to industry participants. The amendment was approved 3-2, reflecting concerns regarding transparency of the costs that […]

Learn More
Abstract stairs in pale colors

Blog

Broker-Dealer Alert: What The New CAT Violations Mean For You

CAT and CAIS reporting data are the next big step towards monitoring client and industry member activity in NMS securities. We expect the increase in analytical data within CAT to exponentially increase regulatory findings across the industry.

Learn More