In May 2018, the European Union’s new General Data Protection Regulation (GDPR) ushers in unprecedented levels of data protection for EU residents. Backed by fines of up to €20 million or 4% of global revenue, whichever is higher, the GDPR gives individuals new, expanded rights over their personal data and heightens the responsibilities and liabilities of controllers and processors, regardless of their geographic location.
Implementing the GDPR should be viewed as an integrated exercise set within each firm’s overall privacy risk management framework. The GDPR touches on all aspects of an organization, reaching across people, processes and technology. As such, establishing a cross-functional team that supports the transformation of the company is a critical step for a successful implementation.