Harmonise data privacy laws across Europe
GDPR - EU General Data Protection Regulation: the most important change in data privacy regulation in 20 years!
The General Data Protection Regulation (GDPR) enhances the rights of individuals residing in the EU with regard to how corporates use their personal data.
On the other side of the fence, the GDPR puts significant obligations on corporates which process these individuals’ personal data and exposes them to significant fines in case of non-compliance.
Although the GDPR primarily targets corporates that process large amounts of personal data on a systematic basis (GAFA, social networks…), it ultimately concerns, to varying extents, most corporates that handle the personal data of these individuals.
How can we help our clients with GDPR compliance
Complying with GDPR is not a one-off project that ends on May 25th 2018. The real challenge consists of remaining compliant with GDPR and being able to prove this compliance (accountability principle).
In GDPR implementation projects, we advocate a tailored phased approach, whereby our clients have the ability to obtain oversight on the GDPR project, while maintaining control at each key milestone.
Using a proven, highly flexible and scalable methodology, we assist corporates in any or all of the following activities:
- Data protection awareness and training
- Gap analysis
- Definition of a roadmap
- Identification of personal data and creation of a Records of Processing Activities
- Implementation of a data protection impact assessment (DPIA) for the affected processing activities
- Development of the necessary data protection processes addressing the Rights of Data Subjects
- Development of data protection policies and procedures (including efficient handling of data breaches)
- Evaluation of existing measures to ensure data security (confidentiality, integrity, availability, resilience) and of the data security concept
- Adaptation of existing contracts or preparation of the necessary contractual agreements (as controller or processor)
- Provision of an outsourced DPO function – DPO as a service
- Performance of IT General Controls covering Entity Level Controls, IT infrastructure, access controls (logical and physical), computer operations and IT contracts
- Performance of vulnerability assessments and penetration tests
- GDPR tool selection incl. compliance tools
At each GDPR implementation project step, we document the activities and controls that will subsequently have to be performed on a regular basis in order to demonstrate accountability.