General Data Protection Regulation
Backed by fines of up to €20 million or 4% of global revenue, whichever is higher, the General Data Protection Regulation (GDPR) gives EU residents new, expanded rights over their personal data.
What EY can do for you
The General Data Protection Regulation (GPDR) is a global game changer. No organization storing or processing the personal data of EU residents can afford to be complacent, regardless of its location or current privacy maturity level.
- Organizations will have only 72 hours to report data breaches.
- Privacy-by-design principles must be incorporated into the development of new processes and technologies.
- Explicit and affirmative consent will be required before processing personal data.
- Most organizations will need to designate a data protection officer.
- Organizations will have to maintain records of processing activities.
- Organizations will need to scale security measures based on privacy risks.
- International transfers are subject to specific requirements and mechanisms.
- Organizations will report to one supervisory authority.
- Although GDPR brings a welcome harmonization of fragmented data protection laws across EU member states, its wide-reaching impact and stringent rules require a fundamental organizational shift, even for businesses compliant with existing legislation.
When the steep financial penalties for noncompliance and data losses are added to the cost of reputational damage, sanctions, remediation and the potential impact on digital transformation, the risk of inaction is clear.
There is also the opportunity for your organization to take a strategic approach to GDPR.
Our risk-based, multidisciplinary approach targets GDPR investment where it matters most for regulatory compliance and competitive advantage. Drawing on our extensive privacy knowledge and proven tools and methodologies, we help to identify your highest risks and design and execute a tailored road map for compliance and beyond.
Like what you’ve seen? Get in touch to learn more.