What is GDPR?
Will GDPR effect Cayman domiciled funds?
It may, depending on the activities the fund carries out. The GDPR not only applies to firms domiciled in the EU but also to firms established outside of the EU where processing involves offering goods or services to ‘data subjects’ in the EU. This means if a fund has European investors or is actively marketing to European investors, it may be in scope of the GDPR. Where a Cayman fund is in scope of the GDPR, it may be required to appoint a ‘representative’ in the EU to assist the fund in meeting its GDPR obligations. The EU representative will be the point of contact for any queries data subjects or data protection supervisory authorities have in relation to the fund’s activities.
What does it mean for funds in scope of the GDPR?
Investment funds captured by the regulations, will be considered data controllers of investor data. Service providers will be considered data processors (in certain circumstances they may also be considered data controllers).
The main responsibilities of data controllers are to:
The responsibilities of data processors include:
What are the consequences for firms that fail to comply?
Firms which breach the GDPR are liable to a maximum fine of the greater of €20m (over US$24m) or up to 4% of their annual global turnover. The GDPR’s administrative fines are designed to reflect the severity of the breach and in each case be effective, proportionate and dissuasive.
How can Carne help?
Carne can assist Cayman funds in meeting their GDPR obligations by carrying out the following activities: