In this guest post, Zach McDonald of Mineral Interactive shares his thoughts on how US financial advisors can remain compliant with EU laws as GDPR goes into effect. He covers the rights of consumers guaranteed under GDPR (e.g., the right to be forgotten, the right to have access to personal data, the right to grant or deny consent to services, and the right to grant or deny placement of cookies), the advisors potentially impacted under GDPR (including any advisors who work with or solicit clients in the EU, and potentially even those who may merely have EU web traffic), the steps advisors can take to become GDPR compliant (from getting permission to track cookies, to verifying that vendors are compliant, and more), and the tools advisors commonly use that could also create GDPR issues (such as appointment schedulers, landing pages, and many others)!
Ultimately, though, the key point is to acknowledge that advisors in the US cannot simply ignore GDPR as something that only applies to those in Europe. Many advisors in the US could fall under GDPR, due to something as minor as a single existing client who moves to Europe. And until we see how the EU will enforce the regulations, there is a risk that even just getting EU web traffic (whether the advisor wants it or not!) could trigger GDPR issues. As a result, advisors overlook GDPR compliance at their own risk, as failure to comply with GDPR can lead to substantial EU fines! And given the recent scandals and large-scale breaches of consumer data in the US – such as those at Facebook and Equifax – there’s also the possibility that GDPR could simply serve as a bellwether of changes to come here in the US as well! (Which means we may all be subject to GDPR-like rules soon enough!)