Governance, risk and compliance services provider Cordium has launched a GDPR consultancy service to assist investment firms with preparing for the regulation.
GDPR, coming into effect in May 2018, will introduce a rigorous set of data privacy and security requirements for any organisation that services European clients, regardless of where the company is located. The cost of non-compliance will involve fines of up to EUR 20 million or four percent of annual turnover.
Cordium will assist investment firms with assessing their current policies and practices for processing, storing and protecting data, identify any potential gaps against the GDPR requirements and develop remediation plans. Clients will receive recommendations on the tools they can deploy and the procedures they can implement to ensure ongoing compliance.
Managing director, cybersecurity and data protection consulting services at Cordium, Michael Corcione, said: “Any investment firm doing business in Europe and having EU citizen data is going to have to comply with GDPR. With continuing highly publicized cyber breaches, data security is now mission critical.
“The costs of getting it wrong will be punitive. This new regulation provides a detailed mandate, and any investment manager that treats GDPR compliance as a broader cybersecurity requirement will stand to benefit from tighter data controls and operations. We can support our clients with the specialized expertise and tools needed to secure their data and comply with the highest regulatory standards.”
Cordium first launched its cybersecurity and data protection services in the US last year. Its services are designed to help investment firms understand how GDPR and other regulatory requirements apply to their specific situations.