Share with your friends

One year on - UK investors eerily quiet on GDPR

One year on - UK investors eerily quiet on GDPR

Bill Packman, Head of Asset and Wealth Management Consulting with KPMG UK comments on the one year anniversary of the implementation of GDPR.


Also on

Bill Packman, Head of Asset and Wealth Management Consulting, KPMG UK, comments on the one year anniversary of the implementation of General Data Protection Regulation (GDPR), which lands on May 25 2019, saying:

“It’s hard to believe this time last year so much resource, effort and attention was being given to the topic of GDPR as for months now, I have heard very little from the asset management industry on this topic. There was a great rush to educate staff and change processes ahead of the deadline, but, unlike with other major regulations like MIFID II, since the deadline we’ve had very few requests to check systems and processes stand up to regulatory scrutiny. It’s as though the effort of implementation and the distractions of Brexit have put the issue on the backburner. But, firms’ use of data is only going one way – up. Asset managers are collating ever more data and getting more sophisticated in the way they use it, so to think GDPR compliance is a ‘once-and-done’ issue is naïve. Over the coming months I expect we’ll see asset management firms start to revisit the topic, before the regulator visits them.”

Commenting on the reaction to the regulation more broadly, Mark Thompson, Global Privacy Lead, KPMG, adds: “Looking across all sectors, reportedly, regulators have received 64,000 data-breach notifications from across the EEA since GDPR came into effect. With hundreds of investigations currently in progress we are slowly starting to see substantial enforcement and fines as a result of non-GDPR compliance. This shows that organisations still have a long way to go in placing privacy needs at the top of their priorities and at the centre of their operations.

“We’ve seen organisations get burned for thinking GDPR is an umbrella term that captures all privacy regulations. In truth, GDPR is just one example of hundreds of privacy regulations operating globally. A lot of companies have implemented it and assumed they’re compliant as a result, but this is not the case as GDPR isn’t recognised in all overseas markets.

“There’s also a need for more board level accountability when it comes to data management in businesses. Privacy was definitely high on the board level agenda last May, but it has since slipped down the priority list. It needs to be considered like any other critical asset and be consistently thought of as a priority at board level. Data is an asset that, mishandled, can become a liability that damages your brand and destroys trust.”


Press office contact:
Christina Bridge

About KPMG

KPMG LLP, a UK limited liability partnership, operates from 22 offices across the UK with approximately 16,300 partners and staff. The UK firm recorded a revenue of £2.338 billion in the year ended 30 September 2018. KPMG is a global network of professional firms providing Audit, Tax, and Advisory services. It operates in 154 countries and has 200,000 professionals working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.

© 2021 KPMG LLP a UK limited liability partnership and a member firm of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organisation please visit

Connect with us


Want to do business with KPMG?


loading image Request for proposal