We live in a world where our personal data is more accessible and, unfortunately, more mishandled than ever before. Between the headlines about the recent Facebook and Cambridge Analytica scandal and the nonstop buzz over the looming GDPR regulations, how businesses use and secure personal data has been front of mind. Whether you’re running a long-only fund, hedge fund, private equity fund, or another alternative fund, the importance of safely handling data, personal and otherwise, is nothing new.
The enactment of the GDPR has forced every company that operates in the EU or provides services to EU residents, including those outside of the alternatives industry, to revisit its compliance policies and adjust them to meet the GDPR standards by May 25, 2018. Many firms have been scrambling to beef up not only their protocols but also the internal processes that support them.
Software like CRMs and Web Portals can’t guarantee an asset manager's ability to fully comply, but the compliance-friendly features of these tools will aid managers in adhering to regulatory requirements:
1. Granular Internal User Permissions
As an alternative asset manager, privacy management of your investors’ and prospects’ personal data has always been a prominent part of your firm’s compliance policies. Even more so now with the impending GDPR regulation, your firm is likely working on or - if you’re ahead of the game - already has a new GDPR policy detailed within your firm’s protocols.
Software, such as a CRM, will greatly assist in achieving some of the regulatory requirements like data control. By leveraging a CRM that is designed to manage the compliance issues asset managers face, you can take advantage of built-in permissions features that let you grant users access only to specific sets of data, such as funds and investors. By deploying a strict access structure among your Investor Relations team, you’ll be able to limit the number of individuals who touch a particular subset of investor personal data. In doing so, it will be easier to hold employees accountable for the personal data they deal with on a daily basis.
2. Maintain a Personal Data Inventory
A CRM and web portal by nature will help you fulfill the regulatory requirements for maintaining a personal data inventory. This software catalogs personal data including name, email, phone number, address and even the date this data was created or updated.
Taking this a step further, if your CRM is integrated with a web portal, you’ll be able to seamlessly pull records of when an individual requested information on your products or viewed the disclaimer back into your CRM. Centralizing all personal data alleviates the headache of reporting to regulatory bodies or providing a holistic list of an individual’s recorded personal data.
CRMs offer full audits of data interactions, including who updated the data and when. This will help demonstrate to regulators how the data was used and maintained.
3. Manage Email Communication Preferences
If your firm sends any email communication to prospects or clients, giving recipients an easy way to opt out of a particular distribution is essential. An easy way to capture when an individual has withdrawn their consent is to use an unsubscribe URL link within the body of an email.
Clienteer CRM provides native link tracking functionality as part of its email distribution tool, making it easy to track when an individual has clicked on the link to open your unsubscribe webpage. Then simply review the email tracking statistics to remove individuals who have withdrawn their consent from this distribution.
4. Rectify Data
The GDPR requires a firm to provide individuals an avenue to view and update their personal data. A convenient way to maintain this is through an investor portal. Portals, like WebVision, allow permissioned individuals to log in and view the personal data they’ve shared with you at any time.
Users also have the ability to update these details whenever necessary. This updated information will then seamlessly pull into a CRM to ensure the contact data matches. An integrated process like this helps demonstrate compliance with the GDPR regulations.
5. Collect Consent
Under various regulations, asset managers are required to receive consent before soliciting potential investors. In this highly regulated industry, something as simple as presenting product details on a website to an EU web surfer can be considered soliciting. For this reason, many managers have started to leverage a web portal, which helps safeguard them from soliciting any non-consenting individuals.
By deploying country-specific disclaimers based on the website visitor's origin, you can dynamically control the information displayed to them. This functionality enables you to quickly report on when the disclaimer acceptance was received and under which country.
Specifically, with the GDPR, legal counsel may direct asset managers to present EU-based prospects with clear and precise details on what they are freely consenting to before any communication or personal data storage can take place. Utilizing a web contact form with language that distinctly states how you plan to use and store their data can help meet the GDPR’s consent requirements.
Ultimately, software empowers a firm with the tools they need to support their processes compliantly, but without continual employee education on new regulations and a top-down culture of compliance, it will be challenging for a firm to satisfy their regulatory obligations.
If you have questions regarding how we're handling GDPR, please reach out.