EU General Data Protection Regulation
The days of organizations leaving the responsibility for privacy protection to someone else are over.
The introduction of the European Union (EU) General Data Protection Regulation (GDPR), which was released in 2016 and came into effect on 25 May 2018, has significant implications for companies across the globe.
The GDPR applies to any organization, regardless of geographic location, that controls or processes the data of a European Economic Area resident. The EEA is composed of EU Member States, plus Liechtenstein, Norway and Iceland. It dictates what data can be collected, the need for explicit consent to gather such data, requirements to disclose any breaches of data, and stronger powers to substantially fine organizations that fail to protect the data for which they are responsible.
Our thought leadership report covers the 12 key points from the new regulation, making it easy for our clients to understand the business implications and what they need to put in place - and that’s where EY can help. Our privacy professionals are ready to help clients assess their privacy programs against the GDPR requirements, design practical recommendations and monitor the program’s performance.
If you are interested in any of these topics, please let us know. We would be glad to discuss further.
Also see other privacy issues facing businesses today, from a Luxembourg perspective, in EY's data privacy service brochure.
EY's data privacy services
What the GDPR means for financial services and asset management
Minds made for protecting financial services
Demonstrating data privacy for GDPR and beyond
EY data privacy assurance services
- Why we exist
At EY, our purpose is to build a better working world for our clients, our people and our communities. We strive to help create a legacy of improved business performance, confidence and trust.
Preparatory measures for companies include gaining a clear understanding of their current compliance position and their personal data processing by verifying what personal data they process, where in the company it is processed, where the data is transferred from and to, and how it is secured throughout its lifecycle. With an understanding of their compliance gaps, they will be in a position to assess their personal data risks and develop prioritized remediation plans in order to adjust their data protection management to the new landscape under the GDPR.
- How we do it
We team globally to co-create more innovative answers with our clients. The unique and ongoing collaboration between EY consultants and our clients results in better working businesses.
We work with organizations to enhance their understanding of their compliance position and maturity level. Organizations will face many challenges preparing for the GDPR over the next year. It is important that they understand their current state and the steps necessary to move towards compliance with the GDPR.
- GDPR Speed Assessment: a meeting that uses our speed assessment tool to walk through your current compliance with the new GDPR and identify significant gaps and the remediation required.
- GDPR 360 Degree assessment: detailed questionnaires, interviews and workshops to understand your GDPR compliance position.
- Data Protection Impact Assessments: design of a tailored DPIA template. Interviews with system/project owners and review of design and documentation to assess the risks of harm to individuals through the misuse of their personal information.
- Know your personal data – data inventory: use the appropriate tool solution for your requirements to scan an agreed sample of your network and interrogate the contents of documents to understand what personal data you have in your organization and where it is.
- Data protection improvement program: a program of interlinked activities to develop your privacy framework and improve your maturity and compliance with the GDPR.
- What we do
We solve big, complex issues and capitalize on opportunities to help deliver better working outcomes that grow, optimize and protect our clients' businesses now and in the future.
We offer a range of privacy assurance and advisory services. We are ready to help entities assess their programs against the GDPR requirements, design practical recommendations and monitor the program’s performance. With many successful projects in ensuring Data Privacy, we are able to help address entities’ needs.
How we can help
At EY, we have a dedicated team of certified information privacy professionals who help organizations to better understand what risks exist to data privacy and compliance with the GDPR and the regulations involved, while helping effectively manage the use of personal information within their organization.
Data Protection and Privacy
Our Data Protection and Privacy services enable organizations to deploy processes and tools that can help to detect and prevent data breaches resulting from internal user activity.
Privacy Transformation Services help an organization enable a seamless flow of personal information while adhering to global regulations like the GDPR, which will reinforce the data protection rights of individuals and introduce more stringent compliance challenges impacting the business. The range of services will address privacy challenges such as: identity theft, brand and reputation damage, litigation, regulatory action and global compliance, direct financial loss, loss of market value and loss of consumer and business partner confidence.
We can also help you execute GDPR impact assessments and gap analysis, and assist with the implementation of the necessary measures in order to ensure timely and consistent GDPR compliance across your organization.
Who we are
EY is the industry leader in GDPR, and a thought leader in the data privacy and data protection space.
We are a team of consultants and industry professionals with a global mindset and a collaborative culture.
Our multi-disciplinary teams, comprising more than 200 Certified Information Privacy Professionals and Privacy Lawyers, bring together our Legal, Cybersecurity and Data Analytics expertise, and use best-in-class tools to offer a comprehensive, customized approach for each client. We work hard to understand our clients’ issues and are driven to ask better questions in the pursuit of making their businesses work better.
- Are you a data processor or a data controller processing personal data inside the EEA or processing the personal data of EEA citizens?
- Do you conduct large scale systematic or regular monitoring (including employee data)?
- Do you have a data protection program and are you able to provide evidence of how you comply with the requirements of the GDPR?
- Would you be able to notify a data protection supervisory authority of a data breach within 72 hours?
- Do you design data protection and privacy requirements into the development of your business processes and new systems?
- Do you know how you will comply with the new rights: the right to erasure, the right to data portability and the data subject’s right to object?