- Entity formation
- Entity management
- M&A transaction support
- Private capital & hedge fund core services
- Private capital
- Hedge fund
- Technology solutions
- Other funds services
- SPV corporate services
- Agency services
- Loan administration
- Cross capital market services
- Structures implementation and management
- Private client services
- Reporting services
Explore content
Show all >Featured articles and media

Insights | Corporate Client Services
Voluntary carbon credits bolster green bonds
25 May 2023
Read >
Featured articles and media
Show all media for Private Capital & Hedge Fund Services >Featured articles and media
Show all media for Capital Markets >Featured articles and media
Show all media for Private Clients >Featured events

Events | Virtual
Bankruptcy and Restructuring: Navigating Distress in the Evolving Markets
22 Jun 2023
Learn more >
Events | Virtual
Private Funds Industry Live, Expanding Private Funds in Global Markets
10 Jan 2023
Watch the recording >
Events | Virtual
Private Funds Industry Live, Demystifying Private Capital Funds
6 Dec 2022
Watch the recording >- Home
- Our services
- Corporate Client Services
- Entity formation
- Entity management
- M&A transaction support
- Private Capital & Hedge Fund Services
- Private capital & hedge fund core services
- Private capital
- Hedge fund
- Technology solutions
- Other funds services
- Capital Markets
- SPV corporate services
- Agency services
- Loan administration
- Cross capital market services
- Private Clients
- Structures implementation and management
- Private client services
- Reporting services
- Corporate Client Services
- Our locations
- About us
- News & Insights
- Login
GDPR – 5 things your organisation should know (but probably doesn’t)
6 September 2018
1 – Let’s get personal
What exactly is personal data? At first glance it’s an easy answer, the usual – name, address, date of birth. Right?
No.
Personal data is any data item which could potentially lead to the identification of a specific individual. That includes items like click behavior, IP addresses, insurance subscription type, voicemails you have left, books you have purchased, the list is endless.
2 – It’s all policy
While the regulation text and jurisdiction implementation may have been sufficiently explicit, each organisation is individual and operates within its own micro environment. The policy adopted by your organisation may be more stringent to reflect your industry and risk appetite and therefore it should never be assumed that the regulation is the final word. Focus on ensuring that employees know what the policy is and it may also be more palatable than extracts from a regulation.
3 – Things change
Especially in the financial world, things change fairly rapidly. Today’s key risks as seen by the regulators may be redundant in six months’ time as our global technology evolves. Your policies may be top notch as at September 2018 but don’t assume it will be in June 2019.
Capturing changes and adaptations continues to be one of the biggest challenges to our businesses today.
4 – Global reach
Just because you may be located outside of the EU does not mean GDPR is not something to consider. Each organisation must assess its GDPR requirements based on their own specific situation and shouldn’t assume that because they’re not in the EU, they’re not impacted.
If your organisation deals with personal data from an EU citizen then you have to comply with the GDPR.
5 – Not all breaches are created equal
What is a data breach versus a data loss? When do we need to analyse, when do we register and when do we need to report?
Should the worst happen you want to be as prepared as you can possibly be, sometimes an over-reaction is just as damaging as an under-reaction. Having clear guidance and a set of instructions which are catered for your business and realistic examples of situations which may occur, can make a substantial difference for the future of your business.
The impact of the regulation in general, and on your business in particular, shouldn’t be underestimated. Legal, HR, IT and Sales & Marketing teams have different focus areas and touch points with the regulation. As part of our GDPR service offering we can provide tailored training to get employees aligned and aware of the impact of the regulation on their daily tasks – one of the GDPR requirements itself. Get in touch with our experts to find out more.