In this update, Ropes & Gray’s investment management and cybersecurity initiative examines the impact of the GDPR on the funds industry, with a focus on the regulation's effect on non-EU-based funds and advisors. Given that one of the express aims of the GDPR is to broaden the territorial scope of the European privacy regime, processing activities of funds and advisers are covered if the fund or adviser (1) offers goods and services to individuals in the EU or (2) monitors the behavior of EU-located individuals.
