General Data Protection Regulation
Backed by fines of up to €20 million or 4% of global revenue, whichever is higher, the General Data Protection Regulation (GDPR) gives EU residents new, expanded rights over their personal data.
Avoid concerns about non-compliance and financial penalties – get EY to GDPR certify your company.
What EY can do for you
The General Data Protection Regulation (GDPR) is a global game changer. No organization storing or processing the personal data of EU residents can afford to be complacent, regardless of its location or current privacy maturity level.
- Organizations will have only 72 hours to report data breaches
- Privacy-by-design principles must be incorporated into the development of new processes and technologies
- Explicit and affirmative consent might be required before processing personal data
- Most organizations will need to designate an internal or external data protection officer
- Organizations will have to maintain records of processing activities
- Organizations will need to scale security measures based on privacy risks
- International transfers are subject to specific requirements and mechanisms
- Organizations will report to one supervisory authority
- Organizations will need to have an effective data retention mechanism in place
When the steep financial penalties for noncompliance and data losses are added to the cost of reputational damage, sanctions, remediation and the potential impact on digital transformation, the risk of inaction is clear.
There is also the opportunity for your organization to take a strategic approach to GDPR.
Our risk-based, multidisciplinary approach targets GDPR investment where it matters most for regulatory compliance and competitive advantage. Drawing on our extensive privacy knowledge and proven tools, methodologies, DPO as a service and GDPR certification for companies, we help to identify your highest risks and design and execute a tailored road map for compliance and beyond.
EY Luxembourg GDPR-CARPA certificate: supporting documents
- Our journey towards GDPR-CARPA certification
- EY's non-discriminatory policy
- The procedure for Granting Maintaining
- The impartiality policy and a public statement on the impartiality
- Our policy on the use of GDPR-CARPA certificate
- The procedure for appeal handling process
How EY can help
GDPR CARPA Certification for companies
We are proud to be the first company in the European Union to be able to deliver GDPR certifications for companies.
Tool-based data retention as a service
We can help you identify personal data throughout local or cloud systems, and assist you in the automation of cleansing and anonymization of data according to your retention policies.
Data protection and privacy
We can help your business detect and prevent data breaches resulting from internal user activity.
Changing legislative requirements, coupled with increasing customer expectations, pose a rising number of challenges for companies.