Feb 22017

GDPR Benchmarking

William RM Long and Francesca Blythe
, , ,

On January 26, 2017 Sidley hosted “Data Protection in Finance 2017: GDPR Readiness – Strategies and Practice” in association with DataGuidance. The interactive conference provided opportunities for networking with industry peers, as well as a full day of informative panel discussions focused on practical steps to achieve compliance with the EU General Data Protection Regulation’s (“GDPR”).

During the conference, a benchmarking exercise was undertaken to better understand the status of GDPR projects in the financial services industry. Of the attendees who responded to the benchmarking exercise:

  • 79% of the participants had already started their GDPR project.
  • 58% stated that the compliance department will take the lead for their GDPR project.
  • 37.5% considered the availability of budget and resourcing to be the biggest challenge for managing the GDPR project followed by the GDPR requirements themselves (30.5%).
  • 79% felt dealing with accountability requirements (e.g., data mapping, designating data protection officers, data protection impact assessments etc.) would require the most amount of effort.
  • 83% of participants will use external advisors to assist with GDPR compliance.

The GDPR was adopted in April 2016 and will enter into force in mid-2018. The GDPR, which is intended to create a single law on data protection across the EU, will have a significant impact on financial services institutions, funds, managers and advisers (“FS Businesses”) in Europe.  Importantly, GDPR will also significantly affect FS Businesses outside of Europe, such as in the U.S., that collect data on Europeans through offering goods or services to or monitoring Europeans. This is particularly important given the significant fines being introduced by the GDPR for non-compliance of up to 4% of annual worldwide turnover (gross revenue).

FS Businesses impacted by the GDPR may wish to consider carrying out an internal gap analysis of current data protection practices as compared to new requirements and rights under the GDPR. Please visit our GDPR resource page for some practical steps for implementation.

William RM Long

London

wlong@sidley.com

Francesca Blythe

London

fblythe@sidley.com

You might also like
UK’s New Pro-innovation Approach to Regulating Digital Technologies

On 15 March 2023, the UK Government published, alongside its Spring Budget, a report on the Pro-innovation Regulation of Technologies Review (the “Report”). The Report was led by the government’s Chief Scientific Advisor and National Technology Officer, Sir Patrick Vallance, who was tasked with “bringing together the best minds to advise how the UK can better regulate emerging technologies, enabling their rapid and safe introduction.” In response, the UK Government has accepted all of the Report’s recommendations, and set out some next steps for their implementation.

Substantial Changes to Hong Kong’s Privacy Laws Coming

In a briefing to the Legislative Council (Hong Kong’s legislative body) on February 20, 2023, the Privacy Commissioner (“the Commissioner”) announced that substantive amendments to the Personal Data (Privacy) Ordinance (“PDPO”) will take place.

It Is Now More Difficult For International Pharma To Transfer Data Out Of China

China’s new Measures for the Security Assessment of Outbound Data Transfers (the “Measures”) came into force on September 1, 2022. Pharma companies now have until February 28 to work out whether their activities mean they are affected, and to apply for the new type of data security assessment if they need it.