GDPR: A multidisciplinary issue in need of minimized business risk approach
The General Data Protection Regulation (GDPR) represents a major compliance challenge for every organisation which process, store or transmit personal data. Usually misunderstood as a solely IT issue, GDPR fails to gain the necessary momentum which will ensure uncompromised compliance and also avoid future costs while trying to retrospectively fill in initially undetected gaps. A minimized risk compliance approach should go well beyond a partial IT based methodology. The actual GDPR scope is much broader and in need of an integrated, business-wide effort.
The new regulation requires each organisation to update and adjust their current data protection framework by introducing a process-based compliance method rather than a mere checklist approach. It increases the obligations of those who process and store information and clearly specifies their responsibilities and duties. It also introduces new data specific roles such as the Data Protection Officer.
The regulation is focused on protecting individual data rights against malicious or not approved use. Failure to comply can result to stringent penalties, with the most serious cases resulting in severe fines up to €20 million or 4% of global turnover (whichever is greater).
Meeting the regulation’s requirements and protecting data rights is a demanding challenge for every organisation. Mazars offers a complete range of privacy consultancy and data protection advisory services to assist you in planning and implementing a fully documented GDPR compliance project so as to fulfill your data protection obligations in the most effective manner.
Our privacy & data protection specialists have extensive knowledge and hands-on experience of the challenges which organisations need to cope with in an increasingly regulated and security sensitive digital environment.
Vogiatzis, Stelios