General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, is the most significant change to EU data protection law in 20 years. It replaces the 1995 Data Protection Directive (95/46/EC), which predates the data-driven environment organisations now operate in, and as a regulation it applies directly in every member state, harmonising data protection law across Europe. It protects the personal data of people in the EU (data subjects, not only EU citizens), strengthens their rights, and reshapes how organisations across the region approach data privacy. It expands data subjects' rights, including the right of access, the right to erasure ("right to be forgotten") and a new right to data portability, and imposes obligations on controllers and processors: notifying the supervisory authority of a personal data breach without undue delay and, where feasible, within 72 hours of becoming aware of it; data protection by design and by default; and appointing a Data Protection Officer (DPO) where the regulation requires one (public authorities, and organisations whose core activities involve large-scale regular monitoring of individuals or large-scale processing of special categories of data).

Key Highlights:

  • Who is regulated: Every controller or processor established in the EU, regardless of where the processing itself takes place, and every controller or processor outside the EU whose processing relates to offering goods or services (paid or free) to people in the EU or to monitoring their behaviour within the EU (Article 3). This extended territorial scope means the regulation applies to any company processing the personal data of data subjects in the Union, not just to EU-based companies.
  • What constitutes personal data: Any information related to a natural person or “Data Subject,” which can be used directly or indirectly to identify a person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
  • Important dates: Adopted 27 April 2016 and in force from 24 May 2016; applicable and enforceable from 25 May 2018, after a two-year transition period.
  • Penalties for non-compliance: The regulation itself (Article 83) sets administrative fines of up to €20 million or 4% of total worldwide annual turnover for the preceding financial year, whichever is higher, for the most serious infringements (such as breaches of the basic processing principles, data subjects' rights or the international transfer rules). A lower tier of up to €10 million or 2% applies to other obligations, including security of processing and breach notification.
  • Impact on US firms: Ninety-two percent of U.S. multinational companies cited compliance with the General Data Protection Regulation (GDPR) as a top data protection priority. Sixty-eight percent are earmarking between $1 million and $10 million on GDPR readiness and compliance efforts, while 9 percent of those companies are expecting to spend over $10 million.

How Knowledgent Can Help

The most critical first step is to perform a readiness assessment. Knowledgent will use interviews, collaboration workshops and design sessions to capture the required information and assess the current state and perceived gaps for GDPR compliance. Knowledgent will synthesize the outputs of the discovery into action plans, which will inform the executable roadmap.

The roadmap will include recommendations for the alignment of People, Process and Technology across the Discover, Security and Governance components. Various tools, such as Global IDs and Collibra, could form part of the technology aspect of the roadmap. Activities will be defined along the following dimensions: compliance and delivery risks, resourcing required, level of effort, and implementation estimates and milestones.

Knowledgent Differentiation

Knowledgent understands and has experience interpreting the GDPR regulation and “right-sizing” it for our clients, and has deep expertise in data governance management, all within an industry context. We bring assets and accelerators to enhance discovery and execution roadmap creation.

One thought on “General Data Protection Regulation (GDPR)”

  1. I’ll have to agree with your comments on the GDPR, and also add to it by stating that GDPR compliance for U.S. businesses is an overwhelming topic indeed, as I’m finding that organizations really don’t know where to start. What’s the scope? What policies need to be developed? The questions are endless and it can be frustrating, to say the least. My recommendation is to first get a sense of what the scope is, which begins by identifying what type of personal data you store, process, and/or transmit for EU data subjects. Just knowing that should give controllers and processors in the US – and the UK – some comfort. After that, I would move to the all-important Article 32 to see what security policies, procedures, and processes you have in place, or are missing. Good luck!
