Why the GDPR Might Apply to an Endowment

We are scrutinizing a new topic: the EU’s General Data Protection Regulation, which becomes effective May 25th. It seems possible that some charitable organizations — and their endowment investment offices — might technically fall within the GDPR’s scope. Although the drive behind the GDPR was to strengthen data protections provided to EU consumers who interact with internet companies that gather and retain information, the precise balance to its reach is yet to be determined. As so often happens with a new regulatory requirement, broad language was used, little guidance exists on the application to investors, and future regulatory clarifications could easily eliminate burdensome and onerous requirements (or, of more concern, expand them). As if this were not enough, there exists a great deal of uncertainty as to how EU regulators will enforce the GDPR — initially and over time.

What is clear is this: an organization that is subject to the GDPR may have numerous compliance responsibilities and very significant potential penalties.

If you are interested in discussing these issues, so as to better enhance awareness of them by the endowment community, please contact

Given the present state of ambiguity, RFG has prepared an analytic approach for its retainer clients to use in considering the issue. Our analysis also highlights the key initial questions investment offices may want to use with internal control and governance groups to socialize the topic, and areas of risk and risk tolerances. Copies of the materials are available on RFG Pathfinder™ for retainer clients.

Recent Posts

See All

COVID-19 Tax Relief and a Chance for Redemption

Recently, the once-stellar reputation of charitable organizations was getting a bit tarnished. As the press reported various scandals and investigations of endowed organizations, endowments were somet

RFG Keeps Clients Updated on LIBOR Transition

Following the SEC’s statement on LIBOR transition, some investment advisers are offering up disclosures on the topic. But are mere disclosures sufficient? To find out, RFG invited Adam Schneider and S

Our Blog

© 2020 The Regulatory Fundamentals Group LLC | Terms of Use and Privacy Policy