The EU General Data Protection Regulation (GDPR) is a game-changer. The penalties for a breach have the potential to move from hundreds of thousands to millions of pounds, dollars or euros. Requirements around unambiguous consent and the right to erasure mean organisations fundamentally need to re-think how they manage and retain data. Compliance with the GDPR requirements is mandatory for all organisations that handle personal data of EU citizens.
Organisations have a choice. They can treat it simply as another compliance issue. Or, they can take a more business- and customer-centric approach that will allow them to explore how they can manage personal data to help make more informed decisions and create a better experience for their customers and other stakeholders.
We are helping organisations around the world understand the impact of the GDPR on their business and their readiness against the requirements, create a project framework to ensure compliance and, where appropriate, identify opportunities to use data to improve decision-making and customer experience.
The GDPR brings in major changes from the current Data Protection Act, including a fundamental change to the way organisations manage personal data. Essentially, the GDPR means that organisations will need to take a more proactive approach towards the management of personal data and its subsequent monitoring and reporting. The figure at right shows our view of the key changes arising from the EU GDPR.
In addition, we have identified the top three priority areas for any organisation. Each of these areas will change the way organisations ensure protection of personal data:
With the UK preparing to leave the EU, some organisations are choosing to take a ‘watch and wait’ approach to the GDPR. However, the GDPR applies to any organisation that trades in the EU or with EU citizens, or handles EU citizen data. Furthermore, we believe that the Information Commissioner’s Office will be keen to ensure consistency with the EU in order to encourage and facilitate cross-border trade and operations post-Brexit. In short, companies should proceed with their GDPR planning – either because they process EU citizen data or because the UK is likely to implement laws that are essentially identical to the GDPR.
Our experts can help identify the impact of the GDPR on your organisation and shape, mobilise and deliver transformation programmes to achieve compliance, embed privacy within your organisation and generate business benefits.
We combine proven experience and technical expertise in assessing and delivering information management, data protection and GDPR programmes across industries. In addition to our wider regulation and compliance work, we have been working at the forefront of the GDPR implementation since the outset. Some of our recent work includes:
More broadly, we have extensive experience in helping organisations to build digital trust and improve their cyber security.
Latest case story – Trunomi: Meeting the challenge of new data protection regulations