Cordium, a provider of GRC services to the asset management and securities industry, has expanded its cyber-security and data protection consulting services to the U.K. to help investment firms prepare for and manage the requirements of the EU’s new General Data Protection Regulation (GDPR), which comes into effect in May 2018.

GDPR will introduce a rigorous set of data privacy and security requirements—spanning 99 articles and 173 recitals—for any organisation that servicing or controlling data of European Union residents, regardless of where the company is located. Cordium will help investment firms assess their current policies and practices for processing, storing and protecting data, identify any potential gaps in the GDPR requirements and develop remediation plans. Clients will receive recommendations on the tools they can deploy and the policies and procedures they can implement to ensure ongoing compliance.

The GDPR consulting service is the latest addition to Cordium’s growing set of cyber-security and data protection services, first launched last year in the United States. The company’s services are designed to help investment firms quickly understand how GDPR and other regulatory requirements to their specific situations and how to embark on rapid and effective plans of action.