InfoHedge Technologies Is Ready for the General Data Protection Regulation (GDPR)
BOSTON, NEW YORK, LONDON and HONG KONG, June 4, 2018 – InfoHedge Technologies announced today that it is ready for the General Data Protection Regulation (GDPR.) Further, its best practices approach provides a foundation for GDPR readiness that helps its clients to navigate this new policy that applies to all firms that hold or service the personal data of EU individuals (whether or not they are a citizen.)
GDPR compliance brings a transformational shift that grants individual investors more rights and extends the definition of personal data. Under GDPR, personal data covers identifiers such as IP addresses, cookies and RFID tags, in addition to Personally Identifiable Information (PII). It is not just investor or client data that investment managers must consider either, but the personal data of employees.
“Overall, from a technology perspective GDPR is complex but not an overwhelming legislation,” said Michael Curry, Managing Director Client Services of InfoHedge Technologies. “For clients relying on cloud services they need to ensure that their data practices comply and adhere to the requirements of GDPR, and first need to understand the implications of the new rules on information governance practices in the cloud. Working with a single custody provider like InfoHedge Technologies makes this process far easier,” says Curry.
Funds failing to comply with the GDPR could face fines for breaches greater of €20m and 4% of a group’s worldwide annual turnover. The most significant impact of failure to comply could also manifest primarily as reputational.
"We think that the biggest challenge lies many U.S. firms incorrectly assuming that these regulations won't apply to them because they are EU regulations,” said Curry. “The reality is they do. We anticipate a post-May 25th rush as that realization sets in, as a firm that is registering with the Privacy Shield Framework, we have the foundation in place for our clients; however, we anticipate that many others will scramble to achieve compliance.”
GDPR has many layers, and it affects investors and services providers. This new regulation requires that firms now take a look at every aspect of their business and determine if they are collecting any data that is going to fall under it.
InfoHedge Technologies was founded in 2005 to provide solutions focused on helping hedge funds deploy and manage hosted technology solutions. The company was formed by a team of tech professionals previously working for one of the largest and oldest multi-strategy hedge fund organizations. The company has grown over the years, providing practical industry specific expertise to a broader base of investment firms.
For more information please contact us at BD@Infohedge.net or at (212) 531-5800
About the Privacy Shield Program
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. On July 12, 2016, the European Commission deemed the EU-U.S. Privacy Shield Framework adequate to enable data transfers under EU law (see the adequacy determination). On January 12, 2017, the Swiss Government announced the approval of the Swiss-U.S. Privacy Shield Framework as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States. See the statements from the Swiss Federal Council and Swiss Federal Data Protection and Information Commissioner.
The Privacy Shield program, which is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce, enables U.S.-based organizations to join one or both of the Privacy Shield Frameworks in order to benefit from the adequacy determinations. To join either Privacy Shield Framework, a U.S.-based organization will be required to self-certify to the Department of Commerce (via this website) and publicly commit to comply with the Framework’s requirements. While joining the Privacy Shield is voluntary, once an eligible organization makes the public commitment to comply with the Framework’s requirements, the commitment will become enforceable under U.S. law. All organizations interested in self-certifying to the EU-U.S. Privacy Shield Framework or Swiss-U.S. Privacy Shield Framework should review the requirements in their entirety.