Getting Ready for the General Data Protection Regulation

GDPR has the potential to become a de facto global standard for data governance and privacy for companies that operate on an international basis.

Effective in May 2018, the European Commission’s General Data Protection Regulation (GDPR) represents an extraordinary shift in the way businesses around the world will be expected to operate when they gather, process, maintain, and protect customer data.

Unlike past European Union (EU) privacy mandates, GDPR applies to every organization—based anywhere in the world—that handles the personal data of an EU resident.

The GDPR requirements are as sweeping as they are demanding:

  1. Strict regulations define the consent required to collect personal data, as well as the records that organizations are required to maintain to document how, when, and where consent was acquired. 
  2. EU residents can demand to know what personal data is retained by an organization, understand how that data is being used, and require that the data be modified or erased upon their instruction.
  3. Privacy-by-design must be incorporated into all marketing, product, and service systems that retain personal data of EU residents. Data breaches generally must be reported within 72 hours of their discovery.
  4. Organizations must be prepared to proactively demonstrate total compliance with all aspects of the law. Penalties for non-compliance can be as high as €20 million or 4% of total global turnover from the prior year, whichever is higher. At these levels, penalties for noncompliance could threaten the very survival of many companies.

GDPR goes into full effect on May 25, 2018. For many organisations, building, testing, and deploying the sophisticated data infrastructures and security systems demanded by GDPR—plus instituting the necessary changes in policies and procedures—will represent a massive undertaking to meet the deadline. As the regulation currently stands, once implemented, there will be no additional grace period for any organisation, no matter its size, industry, or location.

Integrated Capabilities for a Total GDPR Solution

As a leading global advisor to companies transitioning their data protection compliance to the new GDPR rules, Navigant delivers integrated capabilities that help streamline GDPR preparation for organisations.

Our Solutions Include:

  • Data inventory and mapping to identify how data is acquired, moved, and stored within your organisation
  • Construction of a GDPR-centric compliance platform
  • Intelligent information security solutions

With expert technical specialists in data management and information security, Navigant is prepared to support your organisation on its GDPR compliance path no matter where you stand today. For organisations just starting the process of planning their approach, our consultants can help you assess your current state, identify gaps or deficiencies, and launch into the work necessary to become compliance-ready. Organisations further along in their journeys can rely on Navigant experts to provide the seasoned resources who can work side-by-side to reinforce your internal teams.
Finally, if your entity is not yet certain about the impact and applicability of GDPR to your practices, we are able to help you better understand your needs and implement a plan to address them.

Reaching true GDPR readiness can be both complex and difficult: achieving a smooth transition by May 25, 2018 demands that organisations take action now. Navigant offers the data management and information security expertise upon which companies of all sizes and levels of preparedness can rely to be successfully positioned for GDPR compliance.
