GoBuyside and Wall Street are Counting Down to GDPR

corporate firms leverage our solutions

Connect with GoBuyside on Instagram.

Roughly 100 days remain before the General Data Protection Regulation (GDPR) takes effect on May 25, 2018. If you are unfamiliar with the new regulations, or are under the belief that the regulations do not affect your company’s operations, you better be sure to understand them. Non-compliance with GDPR can result in €20 Million fines or 4% of the annual global turnover of non-compliant GDPR organizations. Further, one of the biggest changes resulting from the GDPR is its expanded territorial scope. If you are unsure about the applicability of the GDPR to your organization, there is no time like the present to learn about these regulations.


To ensure our clients’ awareness of the EU’s recent efforts to protect the privacy of its citizens, this article covers the basics of the GDPR. GoBuyside is committed to supporting its clients in the fund management industry through this transition period by providing world-renowned talent capable of bringing any organization up to speed with the GDPR.

In 1995, the EU adopted the Data Protection Directive, which was the legal precursor to the GDPR. Aware that numerous EU nations were setting varying data protection standards, the European Commission decided to standardize and streamline the protection of data for its citizens. The directive was focused on protecting the individual and required his or her consent when companies collected, stored, and shared personal data. Similarly, the goal of the GDPR is to shield EU citizens from privacy and data breaches in a progressively data-driven environment that has drastically evolved since the 1995 directive was created.

While the Data Protection Directive was not legally binding for member nations, it succeeded in setting the gold standard in personal data protections. The GDPR has been described as the data protection directive on steroids, as the ramifications of non-compliance were ramped up and certain ambiguities in the ladder were resolved by the GDPR. As a regulation, the GDPR is legally binding for every member state, unlike its directive predecessor.

READ MORE: Stock Market


Just as the flow of personal data can hardly be confined to geopolitical boundaries, the GDPR will also regulate activity outside of EU nations. Organizations located outside of the EU that offer goods or services to monitor the behavior of EU citizens will be subject to GDPR’s jurisdiction. The regulations will apply to all companies processing and holding the “personal data” of citizens living in the EU, regardless of the company’s physical location. Personal data is defined under the GDPR as any information related to a natural person that can directly or indirectly identify that person. Such data includes names, photos, email addresses, social networking posts, medical information, IP addresses, or bank information.

The GDPR regulates processors and controllers of personal data differently. A controller is an organization that determines the purposes, conditions, and means of processing of personal data, whereas the processor is an organization that processes personal data for the controller. Cloud service providers are considered processors and are not exempt from GDPR enforcement. According to GoBuyside analysts, “investment fund companies, management firms, AIFMs, distributors, fund administrators and depositaries will each need to consider the extent to which they control or process personal data, whether relating to investors or their respective officers and employees and ensure in each case they can operate in compliance with the upcoming legislation.”

One of the more prominent changes brought on by the GDPR is the alteration of consent requirements. By bolstering the conditions of consent, the GDPR ensures that companies will not be able to hide behind lengthy user agreements full of boilerplate language and legalese. Under the GDPR, consent must be given for the express purpose of data processing and must be distinguishable from other agreements. Only clear and plain language consent agreements will meet such requirements. Further, the ability of an individual to withdraw his or her consent must be as easy as giving their consent.

As the fund management industry gears up for the GDPR transition, we at GoBuyside are ready to equip your organization with the personnel to meet all your data protection needs and requirements. Be sure to check back with GoBuyside for further articles on the GDPR transition.

GoBuyside is a 21st-century recruitment platform that connects private equity firms, hedge funds, alternative investment managers, advisory platforms, and Fortune 500 companies with top talent from around the world. Using nuanced search parameters, GoBuyside systematically identifies and screens professionals to meet the needs of their clients. Over 500 satisfied clients have utilized GoBuyside’s talent network which encompasses over 10,000 firms and 500 cities across the globe. GoBuyside has successfully disrupted the traditional search model and is poised to serve all your human capital needs.


Learn more about GoBuyside by following them on Twitter and Facebook.


***UPDATE***5.23.18 With the GDPR coming up this weekend be sure to check out more about GoBuyside on gobuysidenews.com


***UPDATE*** Find even more information on GoBuyside on inc.com


  1. Thank you for this summary, much appreciated!I was able to understand everything even it was totally new topics for me

  2. The GPDR has really left a shockwave across every possible industry. I do wonder how many businesses will fail in the face of this new regulation. It’s great that gobuyside has been able to adapt so quickly and fluidly to the new laws, and it really shows you that the company is ready for the european market in 2018. I’m not sure if GPDR is good or bad, but at least some companies are starting to get on board I guess.

  3. I wondered why I was getting a zillion policy updates! Now I know, and I think it’s a great thing. I don’t mind my data being used in most cases, but I do get distressed thinking about it being used for the wrong purposes. Sounds like GoBuyside is on the ball with this! Being able to connect the right talents is important.

  4. Good article about this new regulation. Privacy and data protection are very important for all businesses. Im not sure if this GPDR is going to go over to well. Glad to know companies like GoBuyside are here to help businesses that will be affected by this.

  5. This article was great! GoBuySide is right on the money with these new regulations. They are an excellent company and I support them in everything they do. More people need to learn about them and follow their journey. I learned a lot new things and definitely recommend checking it out.

  6. Thanks for all the info in regards to the General Data Protection Regulation. It will be interesting to see how larger companies adapt to it especially when it comes to personal data. You hear daily about different breaches and its because is not truly regulated. That could be where a company like GoBuySide steps in to help.


Please enter your comment!
Please enter your name here