You’ve likely heard a great deal about GDPR, or the General Data Protection Regulation. Developed over a period of years by the European Union (EU), this new set of regulations will likely have a substantial impact on almost every facet of how companies handle the collection and processing of personal data.
But GDPR doesn’t just apply to companies based in the EU. Any company that does business in any EU country may be obligated to comply with the regulations – even if they have no physical presence in the EU. Therefore, GDPR is not something that US-based companies can ignore.
Because many US-based institutional investment firms – including some Backstop clients – will find themselves subject to the new regulations, we’ve developed a resource to provide answers to some of the most common GDPR questions they may have.
The Backstop GDPR Frequently Asked Questions document is available for download now. It provides an overview of some of the most important elements of this expansive change in how companies interact with customer data. Here are some examples of the frequently asked questions to which we have provided responses:
To whom does the GDPR apply?
Along with entities within EU borders, the GDPR applies to non-EU businesses that either offer goods or services to people in the EU or monitor the behavior of people in the EU.
What qualifies as “personal data”?
The GDPR defines personal data broadly, as any information relating to an identified or identifiable natural person.
What are the penalties for non-compliance?
The GDPR contains significant penalties for non-compliance: fines of up to 20 million Euros or 4% of total worldwide annual revenue of the preceding year (whichever is greater).
The FAQ also includes an overview of the steps Backstop is taking in response to the GDPR. We invite you to download your copy of this document today.