GDPR FOR PRIVATE EQUITY AND REAL ESTATE

Similar documents
Michael R. Cohen CIPP/US, CIPP/E Gray Plant Mooty. Overview of the EU General Data Protection Regulation (GDPR)

WHAT DOES THE GDPR MEAN FOR PENSIONS? HANDY GUIDE

WHAT DOES THE GDPR MEAN FOR PENSIONS?

The New EU General Data Protection Regulation (GDPR)

DATA SUBJECT ACCESS REQUEST POLICY AND PROCEDURE

General Data Protection Regulation. Asked Questions

Aegon Asset Management Europe ICAV ( the Fund ) Data Protection Policy

GDPR DATA PROCESSING ADDENDUM INSTRUCTIONS FOR JOSTLE CUSTOMERS

GDPR update and its impact on accountancy practices

The General Data Protection Regulation (GDPR): action plan for pension scheme trustees

Your Right Hand Finance Ltd (YRH) Subject Request Policy

LAMP Services Limited Privacy Notice v1.2 4 th March Controller

The Era of GDPR Data Privacy, Two Months In: Do you have a Data Transfer Agreement handy? July 31, 2018

Data Processing Addendum

CP is licenced and supervised by the Commission de Surveillance du Secteur Financier (hereinafter CSSF ).

The contract is important so that both parties understand their responsibilities and liabilities.

Man and Machine - Data Protection Policy

GDPR: The Most Frequently Asked Questions: Are the Standard Contractual Clauses Enough?

The General Data Protection Regulation s Impact on M&A

Building a Program to Manage the Vendor Management Lifecycle

DATA PROCESSING AGREEMENT

EU PRIVACY REFORM UPDATE ON CANADA S EU ADEQUACY STATUS

Privacy Policy Statement

Data Protection Post-Brexit

Audit Requirement Guide SURF Framework of Legal Standards for (Cloud) Services Annex D

Privacy Statement v 1.1

Data Privacy Notice. Who are we and why do we register and use personal data?

Customer GDPR Data Processing Agreement

INFORMATION ON THE PROCESSING OF PERSONAL DATA

The General Data Protection Regulation (GDPR) Personal data in SOS International

Member Circular March Implementation of the EU General Data Protection Regulation 2016/679 General Guidance to Members

The data protection fee

Guidance: The new EU General Data Protection Regulation: Implications for Australia

GDPR Essentials. To Meet the May 25th Deadline. FIA Webinar March 1, 2018

Processing under the GDPR: risk and liability shifts

Broadbean Technology Limited - Data Processing Agreement (25th May 2018)

2. FROM WHICH SOURCES THE BANK COLLECTS YOUR PERSONAL DATA?

Southern Golden Retriever Rescue Data Protection Policy

TERMS OF BUSINESS. By asking us to quote for, arrange or handle your insurances, you are providing your informed agreement to these Terms of Business.

Information about Danica Pension s processing of personal data

Firefighters Pension Scheme

IRIS Group of Companies Customer Data Processing Terms

Data Processing Agreement, the Contract

Pension Trustees. Final Countdown to the GDPR

EU General Data Protection Regulation vs. Swiss Data Protection Act (in the Private Sector 1 )

ON24 DATA PROCESSING ADDENDUM

Regulations and guidelines 1/2012

GUIDELINES FOR THE CONTRACTING OUT OF RESEARCH ACTIVITIES

Moxtra, Inc. DATA PROCESSING ADDENDUM

Data Processing Appendix

Data Processing Addendum

States of Guernsey EU General Data Protection Regulation (GDPR) - High-level impact assessment

DATA PROCESSING AGREEMENT

Brexit Essentials: an update on data protection and privacy

Privacy notice. What personal data do we register and use?

FINANCIAL SERVICES OPPORTUNITIES INVESTMENT FUND LIMITED Company Registration Number: PRIVACY NOTICE

Data Processing Addendum

Twilio Data Protection Addendum ( DPA ) (GDPR, Binding Corporate Rules, Privacy Shield, and Standard Contractual Clauses) (Revision June 2018)

HOW TO EXECUTE THIS DPA:

We take privacy and security of your information seriously and will only use such personal information as set out in this Privacy Notice.

The EU s General Data Protection Regulation enters into force on 25 May 2018

DATA PROTECTION LAWS OF THE WORLD. Czech Republic

Legal Considerations in Negotiating Cloud Contracts

ARE YOU READY FOR THE NEW DATA PROTECTION LAWS?

SILCHESTER INTERNATIONAL INVESTORS DATA PROTECTION POLICY

The Brazilian Data Protection Law LGPD

ALTERNATIVE INVESTMENT FUND MANAGERS DIRECTIVE FREQUENTLY ASKED QUESTIONS

The GDPR how to prepare MiFID II where are we now? Wednesday 21 February 2018

PREPARING FOR THE EU GDPR IN RESEARCH SETTINGS

AIFMD. Fundamental considerations to be addressed at a strategic level for marketing in the EU:

DATA PROTECTION NOTICE

GDPR : We protect your data

Pension Trustees Final Countdown To GDPR

DATA PROCESSING ADDENDUM

British Bankers Association submission to the consultation on the legal framework for the fundamental right to protection of personal data

GDPR CCPA LGPD. Protected information

Personal Data. Protection Policy

Creating a Big Data Strategy: Managing Risk and Enabling Innovation

Revising policies and procedures under the new EU GDPR

New Data Regulation, Brexit and the Pensions Industry.

Governance under AIFMD

Banks Sheridan Limited Data Protection Privacy Policy 19 May 2018

DATA PROCESSING ADDENDUM (GDPR and EU Standard Contractual Clauses)

Privacy Statement. Introduction

Retirement Options. Personal Pension. Claim Form. To be completed by your Financial Advisor. Your Personal Details.

Insurance Supervisory Approach January February 2018

Data Processing Addendum

All Sorts UK Limited Data Protection Policy 17 th May 2018

CLOUDINARY DATA PROCESSING ADDENDUM

MRS Brexit Survival Guide: EU-UK Data transfers November

The Future of Data Privacy in Europe T H E E U R O P E A N G E N E R A L D ATA P R I VAC Y R E G U L AT I O N (G D P R)

CHARITY & NFP LAW BULLETIN NO. 419

Transborder data transfers briefly explained

Impact of the European General Data Protection Regulation on U.S. M&A

Cover option 2. The Interplay of HIPAA, Privacy and Data Security Principles, and Health Information Interoperability. Subtitle or Company Name

PRIVACY NOTICE issued by DALE Accounting and Tax Services Ltd

We are the Sanne Group, a listed multinational provider of alternative asset and administration services.

General Data Protection Regulation (GDPR) Data Protection Notice

GROUP PRIVACY POLICY. Adopted June 20th, 2017 by each of the Boards of Carnegie Holding AB and Carnegie Investment Bank AB (publ).

Data Protection Cayman Islands

Transcription:

GDPR FOR PRIVATE EQUITY AND REAL ESTATE Date: Friday, 3rd November 2017 Start time: 12:30GMT Panellists: Pat McIntyre GDPR Project Manager David Rowland Group Head of AML and Compliance Manager, Augentius Guernsey Duncan Smith Managing Director, Augentius Luxembourg Moderator: David Bailey Group Head of Marketing and Communications

The General Data Protection Regulation (GDPR) An EU regulation which affects anyone in the world who handles the personal information of any individual citizen in the EU. This includes: Funds Fund Managers Portfolio Companies Different obligations will apply, depending on whether you are a data controller or processor the obligations of a controller being more onerous. A Data Controller A Data Processor where an organisation collects data (or has a third party collecting data on its behalf) AND they decide what to do with the data an organisation which processes data on behalf of another party 2

Who might you outsource data to? One of the first steps Fund Managers should take is a review of whom they outsource data to. Some examples are as follows: Fund administrators Payroll Agents Cloud providers Systems hardware hosts Pension providers Healthcare BUPA etc. Fund Managers should liaise with these parties to ascertain how their plans to comply with the GDPR are progressing and whether they transfer personal data outside the EU. Where personal data is transferred outside the EU you must ensure that an adequate level of protection is afforded one way of achieving this is the use of Model Clauses. 3

Guernsey and Luxembourg Will the GDPR apply in Guernsey? Yes. Local government have announced that the GDPR will be incorporated into local law, with the aim to be ready for implementation in May 2018. Guernsey s committee for Home Affairs has published the new Data Protection Law. This is important for Guernsey as it will ensure that Guernsey maintains its adequacy in the future on an international level. How does this affect Luxembourg domiciled funds? Many AIFMs and other Investment Fund entities employ Fund Administrators as Central Administrator. Central Administration is a key requirement for Luxembourg Funds and the provision of Fund Administration services by regulated, PSF or Credit Institutions. In many cases the Fund, GP, Holding Companies delegate the Central Administration to the Fund Administrator and in these cases the Fund Administrator is deemed to be the Data Controller in Luxembourg. There may of course be scenarios where the Asset Manager may also be regarded as a Data Controller in their home jurisdiction, depending of course on the flow of data between investor and the Fund. 4

What are the main new requirements? Many existing requirements under the Data Protection Act are incorporated into the GDPR However there are a number of major new requirements: Increased scope more entities will be subject to the GDPR Increased data subject rights include greater transparency, right to be forgotten, data portability and obtaining specific consent (in certain scenarios) New requirements before personal data can be transferred outside the EU Breach management and notification Privacy by design considering the DP implication for new products and services A sizeable increase in the penalties that can be levied for data breaches The need to appoint a Data Protection Officer, in certain circumstances The ability to appoint a lead supervisory authority should reduce bureaucracy where a controller operates in multiple Member States 5

Next steps? Fund managers should undertake a comprehensive review to: benchmark their data protection policy and procedures against the requirements of the Regulation; check that their HR Policies and procedures reflect the requirements of the Employment Practices Code; Identify the gaps and what is required to address them; Identify all instances where personal data is transferred outside your business to be processed; consult with your suppliers to establish what steps they propose to take to meet their obligations and if this will help the manager meet their obligations e.g. IT system changes to assist with erasure and right to be forgotten requirements; identify instances where personal data is transferred outside the EU and ensure that adequate safeguards are in place; agree an appropriate action plan, including timeframes; and implement the plan to ensure compliance. 6

Augentius Group: the facts Over 640 staff globally Investors from 111 countries 70% of staff either qualified or part-qualified 200+ clients 12 Augentius Group raised over US$40,000 for local charities over the last 12 months domiciles serviced serviced globally 520+ $130BN assets under administration 17,000+ payments processed each year Funds serviced 14,000+ Investors serviced globally 7

Let s keep in touch Pat McIntyre Pat.McIntyre@augentiusdepositary.com David Rowland David.Rowland@augentius.com Duncan Smith duncan.smith@augentius.com 8

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback