GDPR – Turning a Challenge into an Opportunity
As of May 25, 2018, non-compliance with the GDPR (General Data Protection Regulation) can be punished with severe penalties of up to 4% of total turnover or 20 million euros, as well as the cost of compensation claims. The GDPR applies to any organization domiciled in the EU (European Union) that processes personal data. It also affects companies domiciled outside the EU that promote their services within the EU and, as a result, process personal data of individuals in the EU (“data subjects”). The GDPR therefore ranks high on the agenda of many large organizations domiciled either within or outside the EU. Most affected are B2C segments such as Banking, Insurance, Healthcare, Telecoms, Legal and Education.
The next steps in becoming GDPR compliant
The approach to GDPR compliance
- Policies, controls, processes, roles and responsibilities in handling personal data
- Acquisition, storage, retrieval, processing, usage, change and destruction of personal data
- Manageability of digital and physical data in a structured or unstructured format
- Confidentiality, integrity, security, availability and resilience of data handling
- IT platforms, systems, databases
- Transparency rules, information obligations and audit rights