US Corporate Law News: Effects of the GDPR on US fund managers' use of alternative data

24 June 2018 | Applicable law: US

In addition to prompting U.S. fund managers to add European Union General Data Protection Regulation (GDPR) compliant representations to agreements that touch E.U. employees or investors (and updating privacy policies and subscription agreements for E.U. investors), the GDPR, which took effect last month, applies to a fund manager's use of alternative internet data, such as credit card panel data, social media data, app usage data and location intelligence data. 

Unlike the U.S. data law concern about "personally identifiable information," such as social security numbers, the GDPR's focus on "personal data" is broader and covers any data that can be reverse-engineered or combined with other accessible data to identify an individual. Fund managers may begin complying with this GDPR impact, by seeking assurances from vendors that they are not receiving data that constitutes personal data under GDPR, request that data supplied be anonymized and/or prepare a vendor on-boarding due diligence questionnaire to verify a vendor's internal GDPR compliance policies and procedures and insurance coverage in the event of a breach.

For more information see here.

This article was written with contributions from Nabeela Latif.

This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.


Related experience

As a full-service law firm, we are able to provide advice and information about a wide range of other issues. Here are some related areas.

Join the club

We have lots more news and information that you'll find informative and useful. Let us know what you're interested in and we'll keep you up to date on the issues that matter to you.