GDPR – Do You Know Your EU Clients and Are You Ready to Protect Their Data?

Dna test infographic visualization. Big data code representation. Genome sequence map.

By Tim Buckler

General Data Protection Regulation (“GDPR”), a European Union (“EU”) regulation meant to protect the rights and data of EU residents (“data subjects”), comes into effect on May 25, 2018.  This regulation protects the data of EU residents regardless of who holds the data or where that data is held.

Will GDPR affect my firm?

All firms, regardless of where they are in the world, must determine whether they hold any data corresponding to a data subject (EU resident).  Many American firms believe that not having any clients with EU residency alleviates them of needing any remediation; however, most American firms will be affected by GDPR, especially if they do mass marketing.  Firms conducting mass marketing will need to remediate their email lists to GDPR standards or delete the emails from their list.

How do I know if my clients are EU residents?

This will require a search of not only current clients, but also previous clients, and if any data coincidentally corresponds to a data subject.  GDPR protects all EU residents regardless of their nationality.

What am I required to do?

Ultimately, GDPR requires firms to be able, at any time, to:

  • identify all data that pertains to data subjects;
  • know where that data is held;
  • how the firm received the data;
  • know how the firm uses the data;
  • know which third parties have access to that data and how they use that data;
  • know how and when the data subject consented; and,
  • be able to deliver, cease processing, or delete the data at the request of the data subject.

How Oyster Can Help:

  • Establish/implement initial and ongoing procedures to identify data subjects and the data attached to them
  • Determine if your firm’s practices require the appointment of a Data Protection Officer (DPO)
  • Draft policy and procedure enhancements
  • Test to determine if the actual practices meet what is stated in policies and procedures
  • Ensure data protection measures meet the standards of GDPR
  • Establish procedures to ensure data subjects provide informed consent to use the data with regard to mass marketing via email

About The Author

Tim Buckler has spent 10 years in the financial services industry, with a focus on project management, cybersecurity, data analysis, and compliance. Tim’s experience includes project management support for clearing platform conversions, cybersecurity assessments, GDPR and CCPA assessments, performing 12b-1 Mutual Fund fees analysis for regulatory initiatives, and ownership changes for custodial IRA held annuities.

Colored pencils stacked on top of each other
eBook

Download the Capital Markets Services eBook to learn about CAT Reporting, Trade and Position Reporting, Market Access and Best Execution.

Download
Capital Markets eBook Cover Skyscraper
Colored pencils stacked on top of each other

Related Content

Peter Sheehan joins Oyster Cosnutling

article

Peter Sheehan Joins Oyster Consulting’s Business Development Team

Move adds to Oyster’s delivery of strategic, operational and compliance solutions to financial services firms RICHMOND, Va., May 31, 2023 — Oyster Consulting, a financial services consulting firm providing consulting, outsourcing and software services to wealth management firms, announced today that Peter Sheehan has joined the firm’s Business Development team.   One of the biggest […]

Learn More
Curved building shot from below

Blog

4 Key Takeaways from FINRA’s Annual Conference

FINRA’s annual conference was held in Washington, DC in mid-May with record setting attendance. This conference is always a great opportunity for compliance professionals and service providers to network and to hear the latest in regulatory developments. The theme of this year’s conference was ‘Future Focused.’ There were a number of panel discussions around technology […]

Learn More
Abstract geometric interior structure, 3d rendering. Digital drawing.

Blog

AML Testing: Unlock the Power of Outsourcing

The financial and reputational cost of an inadequate AML program can be high, and regulators have not been shy about sharing disclosures, fines and suspensions related to poorly run AML programs. FINRA’s 2023 priorities note the following common findings: Regularly reviewing and updating your firm’s written AML policies, procedures and controls is vital to reducing the exposure […]

Learn More