We are writing to ensure that you are aware of the upcoming compliance date of May 25, 2018 for the European Union’s (“EU’s”) General Data Protection Regulation (“GDPR”). The GDPR has very broad scope and applies to any U.S. business that processes personal data (broadly defined) of individuals in the EU/European Economic Area (“EEA”) where the processing activities are related to:
- the offering of goods and services to such individuals, irrespective of whether a payment by the individual is required, or
- the monitoring of the behavior of such individuals in the EU/EEA.
The types of EU/EEA individuals whose personal data you might process include:
- Individual clients,
- Private fund investors who are individuals, or
- Individuals that are employees or authorized persons of institutional investors whose data is collected for anti-money laundering or due diligence purposes.
Personal data might include data such as information in beneficial ownership records, investor suitability questionnaires, subscription documents, KYC/AML documentation, and data and information regarding directors and employees of a management company or acquisition target.
The GDPR’s compliance requirements are significant. The GDPR may require U.S. firms to send notices to individuals whose personal data they receive or maintain, to obtain consent regarding the use of such data, and to adopt policies and procedures regarding how such data may be stored, accessed and used. The penalties for non-compliance with the GDPR are also significant.
We recommend that any U.S. firms that either maintain or process personal data regarding individuals located in the EU/EEA (and who are not already in the process of addressing GDPR requirements) reach out to your compliance consultant and/or your EU counsel or your usual contact at Finn Dixon & Herling to determine what steps should be taken towards compliance.
* * * * *
Matthew S. Eisenberg
(203) 325-5084 or firstname.lastname@example.org
Reed W. Balmer
(203) 325-5011 or email@example.com
Erik A. Bergman
(203) 325-5026 or firstname.lastname@example.org
Justin J. Shigemi
(203) 325-5065 or email@example.com
Harold B. Finn III
(203) 325-5029 or firstname.lastname@example.org
Richard D. Kilbride
(203) 325-5075 or email@example.com
(203) 325-5009 or firstname.lastname@example.org