

Just a 'tick in a box' – or an opportunity to create value?



The EU General Data Protection Regulation (GDPR) is a game-changer. The penalties for a breach have the potential to move from hundreds of thousands to millions of pounds, dollars or euros. Requirements around unambiguous consent and the right to erasure mean organisations fundamentally need to re-think how they manage and retain data. Compliance with the GDPR requirements is mandatory for all organisations that handle personal data of EU citizens.

Organisations have a choice. They can treat it simply as another compliance issue. Or, they can take a more business and customer-centric approach that will allow them to explore how they can manage personal data to help make more informed decisions and create a better experience for their customers and other stakeholders. 

We are helping organisations around the world understand the impact of the GDPR on their business and their readiness against the requirements, create a project framework to ensure compliance and, where appropriate, identify opportunities to use data to improve decision-making and customer experience.


The GDPR brings in major changes from the current Data Protection Act, including a fundamental change to the way organisations manage personal data. Essentially, the GDPR means that organisations will need to take a more proactive approach towards management of personal data and subsequent monitoring and reporting. The figure at right shows our view of the key changes arising from the EU GDPR.

In addition, we have identified the top three priority areas for any organisation. Each of these areas will change the way organisations ensure protection of personal data: 

  • the right to erasure and data portability will require organisations to have a complete understanding of the information flow ecosystem
  • privacy within systems and organisational culture will need to happen by design, rather than as an after-thought
  • liability extension to third-party data processors will enable organisations to have clearly defined accountabilities and agreements.   

With the UK preparing to leave the EU, some organisations are choosing to take a ‘watch and wait’ approach to the GDPR. However, the GDPR applies to any organisation that trades in the EU or with EU citizens, or handles EU citizen data. Furthermore, we believe that the Information Commissioner’s Office will be keen to ensure consistency with the EU in order to encourage and facilitate cross-border trade and operations post-Brexit. In short, companies should proceed with their GDPR planning – either because they process EU citizen data or because the UK is likely to implement laws that are essentially identical to the GDPR.

Our experts can help identify the impact of the GDPR on your organisation and shape, mobilise and deliver transformation programmes to achieve compliance, embed privacy within your organisation and generate business benefits.

  • we offer a six-week sprint to assess readiness against the GDPR requirements and define a remediation programme in line with risk appetite. Our gap assessment framework takes into consideration not only the GDPR requirements but also other privacy best practices
  • we have a multi-disciplinary team of specialists – covering data protection, cyber security, regulation and compliance, risk management and business change – who can help design and implement a sustainable privacy and data protection programme
  • we are close to the GDPR solution providers and understand the complexities of integrating the GDPR into operational environments.

We combine proven experience and technical expertise in assessing and delivering information management, data protection and GDPR programmes across industries. In addition to our wider regulation and compliance work, we have been working at the forefront of the GDPR implementation since the outset. Some of our recent work includes:

  • helping a UK-based retail bank to conduct a detailed assessment of their existing data protection capabilities against the UK Data Protection Act and the GDPR and identify key areas of improvement and remediation
  • carrying out an assurance review of a central bank’s existing GDPR implementation programme to identify potential gaps against the regulation and helping them re-prioritise their activities to ensure compliance
  • conducting a detailed data security gap assessment against the requirements of international standards for a large UK retailer. We identified the main risks, provided pragmatic remediation advice, prioritised risk and delivered a large data protection improvement programme.

More broadly, we have extensive experience in helping organisations to build digital trust and improve their cyber security.

Latest case story: Trunomi: Meeting the challenge of new data protection regulations

PA opinion

  • Why the EU GDPR is a big deal for HR professionals: GDPR is a big deal for everyone, not least HR. HR will have a responsibility to ensure employees are GDPR compliant and know what their roles and duties are when handling any personal data, whether that belongs to their colleagues or customers. What's critical here is recognising that compliance with the GDPR boils down to changing behaviours of everyone in the organisation. (07/09/2017 18:01:00)
  • The EU GDPR will still matter after Brexit: that's a good thing: The announcement this week from the UK Government that it will largely follow the EU GDPR when the UK leaves the EU has widely been anticipated. We believe such reforms are good for UK citizens and, if implemented in the right way by UK industry, good for the UK as a whole. (08/08/2017 00:00:00)
  • The EU GDPR – a chance to improve your relationship with your customers: an interview with Elliot Rose, PA digital expert: What does the EU General Data Protection Regulation (GDPR) mean for you and your customers? We already know non-compliance with the new data protection regulation can mean huge fines, but how are some organisations turning the GDPR to their advantage? We sat down with Elliot Rose, PA digital expert, to learn more. (06/07/2017 18:01:00)
  • GDPR – are you panicking yet?: With less than a year to go until the EU General Data Protection Regulation (GDPR) comes into full effect, we share key insights from the ICO, legal, industry and GDPR experts at a recent industry forum. (05/06/2017 10:20:00)
  • EU GDPR: a year to go and a blessing in disguise?: One year from today your organisation needs to be compliant with this new regulation. We think getting in shape for GDPR brings fantastic opportunities – not just more bureaucracy. (25/05/2017 10:20:00)
  • Into the unknown – determining the cost of GDPR: The EU General Data Protection Regulation (GDPR) was ratified by Brussels nearly a year ago. However, FS organisations are only just waking up to the reality of its impacts and how much it's going to cost. (20/03/2017 00:00:00)
  • GDPR overview in the Nordics: The EU General Data Protection Regulation (GDPR) brings in major changes to the current EU Data Protection legislation by fundamentally changing the way organisations manage personal data. (14/03/2017 00:00:00)


To find out more or to speak to one of our information security and GDPR experts, please contact us.
