RiskTech Forum

Cordium to help investment firms comply with GDPR

Posted: 11 October 2017  |  Source: Cordium


Cordium, the market-leading provider of governance, risk and compliance services, has expanded its Cybersecurity and Data Protection Consulting Services to the UK to help investment firms prepare for and manage the requirements of the EU’s new General Data Protection Regulation (GDPR), which comes into effect in May 2018.

GDPR will introduce a rigorous set of data privacy and security requirements – spanning 99 articles and 173 recitals – for any organization that services or controls data of European Union residents, regardless of where the company is located. The costs of non-compliance will be severe, with fines of up to €20 million or 4 per cent of annual turnover.

Cordium will help investment firms assess their current policies and practices for processing, storing and protecting data, identify any potential gaps to the GDPR requirements and develop remediation plans. Clients will receive recommendations on the tools they can deploy and the policies and procedures they can implement to ensure ongoing compliance.

Michael Corcione, Managing Director, Cybersecurity and Data Protection Consulting Services at Cordium said: “Any investment firm doing business in Europe and having EU citizen data is going to have to comply with GDPR. With continuing highly publicized cyber breaches, data security is now mission critical. The costs of getting it wrong will be punitive. This new regulation provides a detailed mandate, and any investment manager that treats GDPR compliance as a broader cybersecurity requirement will stand to benefit from tighter data controls and operations. We can support our clients with the specialized expertise and tools needed to secure their data and comply with the highest regulatory standards.”

The GDPR consulting service is the latest addition to Cordium’s growing set of Cybersecurity and Data Protection Services, first launched last year in the US. The Company’s services are designed to help investment firms quickly understand how GDPR and other regulatory requirements apply to their specific situations and how to embark on rapid and effective plans of action.