U.K. Data Protection Regulator Smooths Way for Fund Managers to Transfer Data to the SEC

The adoption of the E.U. General Data Protection Regulation (GDPR) created a quandary for European fund managers and other firms that are subject to SEC examination and recordkeeping requirements. If they responded to SEC requests for information during examinations, they ran the risk of violating the GDPR’s strict controls on data transfers to non‑E.U. countries. On the other hand, if they failed to respond to the SEC, they faced potential enforcement actions. In addition, the U.K. enacted its own version of the GDPR, which perpetuated the issue for U.K. fund managers and other firms post-Brexit. The U.K. Information Commissioner’s Office recently resolved this issue for U.K. firms subject to SEC oversight, confirming that those firms may rely on the “public necessity” exception to the GDPR’s data transfer prohibitions when complying with SEC information requests. This article analyzes the terms of – and rationale for – the relief, with additional commentary from Morrison & Foerster partner Annabel Gillham and counsel Robert S. Litt, who is co‑chair of the firm’s global risk and crisis management group. See “GDPR Lives On in the U.K. Post‑Brexit” (Mar. 4, 2021).

To read the full article

Continue reading your article with a HFLR subscription.