Developing your GDPR response for competitive advantage

In May 2018, the European Union’s new General Data Protection Regulation (GDPR) ushers in unprecedented levels of data protection for EU residents. Backed by fines of up to €20 million or 4% of global revenue, whichever is higher, the GDPR gives individuals new, expanded rights over their personal data and heightens the responsibilities and liabilities of controllers and processors, regardless of their geographic location.

Requirements:
  • Data protection impact assessment – This assessment, required for high-risk personal data processing activities, can help organizations identify risks and define mitigating actions.
  • Data privacy accountabilities – The GDPR states that the controller is responsible for confirming that a firm adheres to the law’s privacy principles.
  • Condition for processing – The processing of personal data must rely on a lawful basis as outlined in the GDPR.
  • Data protection officer – Firms that conduct large-scale systematic monitoring of EU residents’ data or process large amounts of sensitive personal data must appoint a qualified DPO.
  • Privacy by design (PbD) – Organizations are required to establish privacy controls from the outset of product or process development.
  • Right to erasure – An individual can request the deletion or removal of personal data when there is no lawful reason for its continued processing.
  • Consent – Consent must be freely given and explicit, indicating the individual’s specific agreement to the processing of personal data.
  • Data breach notification – Organizations must notify the supervisory authority of a data breach within 72 hours of becoming aware of it.
  • Data portability – This allows individuals to move, copy or transfer personal data easily from one organization to another in a secure way for their own purposes.

How we can help

Implementing the GDPR should be viewed as an integrated exercise set within each firm’s overall privacy risk management framework. The GDPR touches on all aspects of an organization, reaching across people, processes and technology; establishing a cross-functional team that supports the transformation of the company is therefore a critical step for a successful implementation.

Edward Taggart

Director, Performance Improvement