Financial Services Ireland

What does GDPR mean for the asset management industry?

Read More



What does GDPR mean for the asset management industry?

Almost three months on from the GDPR compliance deadline, many large firms are still not completely GDPR-compliant.

In the rush to proclaim day-one compliance, many organisations assembled a makeshift set of solutions. Now that the dust has settled, it’s clear that such a tactical approach doesn’t satisfy the GDPR concept of ‘privacy by design’. From apps that have no consent notice to vague privacy policies and marketing emails that are issued without express consent, a lot of works remains to be done.

GDPR specifically affects the asset management industry in a number of ways, which include:

  • Expanded notices about how personal information is to be used
  • Limitations on retention of personal data
  • Increased requirements to delete or hand over an individual’s information upon request
  • Mandatory data breach notification requirements
  • Requirements to maintain records of data processing activities and transfers of personal data
  • Higher standards for data controllers to demonstrate that they have obtained valid consent for certain data processing activities

This is where EY comes in: in our new brochure (which you can download below) we discuss how asset management companies can move from tactical compliance to embracing a sustainable and strategic data privacy approach through an intelligent data privacy framework.

GDPR should not be seen as a mere compliance  exercise — it offers the opportunity to implement best practice data protection protocols that safeguard your company’s most valuable assets: your employees, your clients, your investors and your reputation. If you have a question about how you can implement this approach in your company, please do get in touch.

Thought Leaders


Lisa Kealy

Wealth & Asset Management, Sector Leader

Paul Traynor

Partner and Advisory Lead, Wealth & Asset Management






More Topics