AIMA launches GDPR Implementation Guide

Published: 23 January 2018

AIMA has launched the AIMA GDPR Implementation Guide to assist members in their compliance with the updated EU data protection regime contained within the General Data Protection Regulation (GDPR), which is due to become effective on 25 May this year. The GDPR replaces the current EU Data Protection Directive and is the most significant update to EU data privacy law in the last two decades. Due to its extraterritorial scope, the GDPR is highly relevant to AIMA members based both in the EU and in third countries. The new rules cover how EU-established organisations process the personal data of natural persons globally and will also capture non-EU organisations that offer goods or services to people located in the EU. For alternative investment management firms and funds, this mainly relates to the processing and potential cross-border transfer of employee and investor data, but could also be relevant to fund investments and research that involve the processing of personal data. The rules also apply to any personal data received from a third party that is stored or used by an organisation.

The AIMA GDPR Implementation Guide summarises the GDPR framework in the context of alternative investment management firms and funds, and looks at how the new rules differ from the existing Directive. In particular, the Guide examines key questions and compliance considerations with regard to the:

  • EU and extraterritorial scope of the rules;
  • requirements for all controllers and processors;
  • enhanced rights of data subjects;
  • requirements for data protection officers;
  • minimum cybersecurity measures; and
  • regime for breach detection, notifications and potential supervisory sanctions.

The Guide also includes a series of compliance checklists for AIMA members.

If you have any questions in relation to the Guide or the GDPR, please contact Oliver Robinson.