The EU’s sweeping new set of data protection rules will require big changes from wealth managers – and those in other sectors. This article gets into some of the pertinent details.
Just when wealth management industry folk thought things might be a bit quieter once the MiFID II process starts in January next year, they were rapidly disabused of that notion. In May next year a sweeping new set of rules governing data protection, affecting all sectors, takes effect across the EU. Known as GDPR for short, this legislation promises to be potentially as heavy on budgets as MiFID II.
The EU General Data Protection Regulation, which comes into force on 25 May 2018, is set to be a disruptive force, fundamentally altering how businesses manage personal data. Any firm which deals with customer data will be directly affected by this regulation. Despite the huge implications for how client data is handled, many fund and wealth managers remain unaware of the impact that GDPR will have on their day-to-day business. These firms now find themselves in a race against the clock to ensure that they are compliant ahead of the May deadline or risk facing potentially catastrophic fines, including up to 4 per cent of their annual global turnover or €20 million ($23.5 million), whichever is higher.
Many financial services firms are currently focusing their resources on compliance with the Markets in Financial Instruments Directive II (MiFID II), which comes into force on 3 January 2018. Some fund and wealth managers, particularly boutique firms, may have delayed this process due to the substantial costs and resources involved in a comprehensive implementation plan, but taking the necessary steps now will help ensure a smooth transition when the regulation comes into force next May and will avoid extensive long-term costs generated by inefficient procedures or regulatory penalties.