AIMA GDPR Implementation Guide

23 January 2018

The AIMA GDPR Implementation Guide is intended to assist members in their compliance with the updated EU data protection regime contained within the EU General Data Protection Regulation (GDPR), which is due to become effective on 25 May 2018.

The GDPR replaces the current EU Data Protection Directive and arguably represents the most significant update to EU data privacy law in the last two decades. Due to its extraterritorial scope, the GDPR is highly relevant to AIMA members based both in the EU and in third countries. The new rules cover how organisations process natural persons' personal data and extend the reach of EU data protection rules to the activities of non-EU organisations that offer goods or services to people located in the EU.

The AIMA GDPR Implementation Guide summarises the GDPR in the context of alternative investment management, including how the new rules differ from the existing Directive. In particular, the Guide examines key questions and compliance considerations for alternative investment management firms and funds with regard to the:

• EU and extra-territorial scope of the rules;
• requirements for all controllers and processors;
• enhanced rights of data subjects;
• requirements for data protection officers;
• minimum cybersecurity measures; and
• regime for breach detection, notifications and supervisory sanctions.

The Guide also includes a series of compliance checklists for AIMA member firms.

Full news

© AIMA - Alternative Investment Management Association