ACA Aponix is pleased to announce our new GDPR-specific due diligence questionnaire (DDQ), which is designed to determine if your vendors are compliant with GDPR requirements, working towards compliance, or have not considered the implications of GDPR. This brief DDQ can be administered as a standalone questionnaire at a reduced rate, and it is now included by default in the standard ACA Aponix vendor DDQ.
If you are a data controller under GDPR, you are required to assess whether your vendors are GDPR-compliant data processors. Vendors that must comply with GDPR are not limited to those commonly known to process sensitive data, such as fund administrators, CRM solutions, outsourced payroll providers, and benefits providers. Many other vendors not typically considered to be a risk to your firm now come into scope under GDPR and may qualify as a data processor (e.g., event organizers).
GDPR goes into effect on May 25.
The following ACA resources are available to help your firm navigate the complexities of GDPR:
- GDPR Compliance: An 8-Step Game Plan - Blog post
- GDPR: Preparing for the May 25 Deadline - On demand webcast
- GDPR for Investment Managers FAQs - Includes GDPR requirements and steps you should take to ensure your firm is compliant
For More Information
For more information about how ACA Aponix can help your firm or your vendors prepare for the GDPR compliance deadline, please contact us at firstname.lastname@example.org or contact your regular ACA consultant.