A new era of data privacy: is the GDPR just a tick in a box, or an opportunity to create value?


The EU General Data Protection Regulation (GDPR) has transformed how organisations around the world handle individual privacy. And that change presents an opportunity to drive more value from data.

Organisations have a choice. They can treat the EU GDPR as just another compliance issue. Or they can use its requirements to manage personal data in a way that will help make more informed decisions and create a better experience for customers and other stakeholders.

PA digital trust and cyber security expert Elliot Rose on the future of data privacy

In either case, compliance is mandatory for all organisations that handle personal data of anyone in the EU. And the penalties for not complying with the GDPR are up to 20 million euros or four per cent of global annual turnover. Given the rewards for using data responsibly and intelligently, and the risks of not doing so, it’s obvious the regulation shouldn’t be treated as a tick-box exercise.

We are now seeing several other countries following the lead taken by the EU and putting in place similar privacy legislation. Many global organisations are realising that regardless of rules and regulation, robust data privacy should sit at the heart of their business to build trust, protect their customers and reputation, and drive forwards.

That’s why we’re working with organisations around the world to understand how the systems and processes needed for the GDPR, and other data privacy legislation, can create opportunities to improve decision-making and customer experience.

The key changes

The EU GDPR has made major changes to the old Data Protection Act, including a fundamental alteration to the way organisations manage personal data. Essentially, the GDPR means organisations need to take a more proactive approach to managing personal data.

While we see eight key features of the regulation, we’ve identified three priority areas for organisations to focus on:

  • the right to erasure and data portability means organisations need a complete understanding of the flow of information
  • privacy by design, rather than as an afterthought, is needed for systems and organisational culture
  • as liability has been extended to third-party data processors, organisations need clearly defined accountabilities and agreements.


The EU GDPR has become the gold standard for individual privacy and many governments around the world are following with similar privacy legislation. While it applies to any organisation that handles the personal data of people in the EU, the opportunities for organisations that comply without being compelled to are immense.

Customers will be won over by the commitment to privacy and security. It’ll be easy to capitalise on any opportunities that arise in Europe. And the improvements in data management will generate new insights.

So, whether the question is about the impact of Brexit on GDPR or whether American companies should improve individual privacy, the answer is that GDPR compliance brings big benefits.

How we can help

Our diverse team of experts – covering data protection, cyber security, regulation and compliance, risk management, and business change – will design and implement a sustainable privacy and data protection programme that takes into account the GDPR and other privacy regulations and legislation.

We focus on embedding privacy in a way that maintains long-term compliance while generating business benefits from data. This approach put us at the forefront of GDPR implementation from the outset. Having successfully completed a wide variety of privacy and GDPR projects, we’ve gained an in-depth understanding of the complexities of integrating data privacy into operational environments. Our recent data privacy experience includes:

  • working with one of the world’s leading life sciences companies to implement data privacy globally
  • carrying out an assurance review of a central bank’s existing GDPR implementation programme to identify potential gaps and helping them re-prioritise their activities to ensure compliance
  • conducting a detailed data security gap assessment for a large UK retailer, identifying and prioritising risks, providing pragmatic remediation advice and delivering a large data protection improvement programme.

Latest client story – Trunomi: Meeting the challenge of new data protection regulations.
