Cordium, a provider of governance, risk and compliance services, has agreed to offer its Cybersecurity and Data Protection Consulting Services to investment firms across the UK.

The company’s services are designed to help investment firms comply with the EU’s new General Data Protection Regulation (GDPR), which comes into effect in May 2018.

GDPR is set to introduce 99 articles and 173 recitals on data privacy and security requirements for investment companies servicing or regulating data of EU citizens.

If a company fails to abide by the rules, fines of up to €20m or 4% of annual turnover may be imposed.

Cordium assists organizations in assessing their existing data storage and protection policies and in taking the measures required to comply with GDPR.

Clients will receive recommendations on the tools they can deploy and the policies and procedures they can implement to ensure compliance.

Cordium Cybersecurity and Data Protection Consulting Services managing director Michael Corcione said: “Any investment firm doing business in Europe and having EU citizen data is going to have to comply with GDPR.

“With continuing highly publicized cyber breaches, data security is now mission critical. The costs of getting it wrong will be punitive.

“This new regulation provides a detailed mandate, and any investment manager that treats GDPR compliance as a broader cybersecurity requirement will stand to benefit from tighter data controls and operations.

“We can support our clients with the specialized expertise and tools needed to secure their data and comply with the highest regulatory standards.”

Earlier this year, Cordium launched a similar regulatory hosting solution in the US.