DealLawyers.com Blog

This Weil Gotshal blog gives a heads-up to US private fund sponsors – the EU’s new “General Data Protection Regulation” may well apply to you.  This excerpt explains:

One of the most significant changes under the GDPR is to extend the jurisdictional application of the new law to non-EU fund sponsors holding or using data about individuals located in the EU, even in the absence of any EU presence. Accordingly, non-EU based private fund sponsors which are not caught by the current regime would be well advised to consider whether the forthcoming changes in laws will bring them within the scope of the GDPR.

Where the extra-jurisdictional provisions do apply, non-EU based sponsors are required to comply with the entirety of the GDPR or face potential fines up to the greater of €20m and 4% of worldwide revenue for the most serious infractions.

The blog points out that full compliance with the GDPR is pretty burdensome.  Entities to which it applies will be required to rapidly report data breaches to EU authorities, provide disclosures about data usage to individual EU investors, comply with various rights granted to individuals, appoint an EU representative & maintain detailed internal records.

The blog also addresses the circumstances that may trigger the GDPR’s applicability to US sponsors, and also flags some of the practical impediments that EU regulators may face in attempting to enforce compliance against a non-EU sponsor.

– John Jenkins