The Alternative Investment Management Association (AIMA) has published a General Data protection Regulation (GDPR) implementation guide.
The guide aims to help members understand and comply with new EU rules that come into effect on 25 May.
The new rules cover how organisations process personal data and extend to the activities of non-EU organisations that offer goods or services to people located in the EU.
AIMA’s guide examines and explains the requirements for all controllers and processors, enhanced rights of data subjects, minimum cybersecurity measures, and breach detection, as well as notification and sanctioning regimes.
The association has also provided a checklist of actions that firms should complete to assist them with the implementation.
GDPR replaces the EU Data Protection Directive, originally established in 1995.
Jack Inglis, CEO of AIMA, said: “Following the implementation of the second Markets in Financial Instruments Directive, the GDPR is the next major regulatory challenge at the forefront of the industry’s mind. This guide will help to inform members of their obligations and hopefully reassure them where certain misunderstandings may exist.”
“Whilst it is clear that minor, innocent breaches are unlikely to result in the greatly enhanced maximum penalties of 4 percent of global revenues, it is important that our members are able to demonstrate that they have a clear understanding of what personal data is in their possession, why it has been obtained and how it is used.”
.jpg)