General Data Protection Regulation | GDPR

Are you ready for the changing data protection landscape?

Getting ready for the General Data Protection Regulation

The General Data Protection Regulation (GDPR) will impact every entity that holds or uses European personal data both inside and outside of Europe. GDPR is an opportunity to be embraced and a challenge to overcome to ensure compliance.

In order to be ready for the GDPR, entities will need to set their vision, agree their strategy and constitute their structures for achieving data protection and privacy operational change and compliance. These are not simply legal questions: getting ready for the GDPR requires multi-disciplinary skill sets.

Our team has the skills to provide solutions to the challenges ahead.

In the time available, organisations with significant personal data and complex processes will struggle to be fully compliant by May 2018. It’s therefore essential that your organisation has a clear vision and a risk-based approach to your GDPR implementation programme.

What will the GDPR mean for you?

Emphasis on individual rights

Under the GDPR, individuals will have the following new and enhanced rights to:

  • Access personal data
  • Correct data inaccuracies
  • Have data deleted / erased
  • Prevent direct marketing
  • Restrict automated decision-making and profiling
  • Receive personal data (data portability)

Other new or enhanced requirements

  • New categories of personal information brought into scope, including images, IP addresses and biometric data
  • Enhanced documentation requirements, including personal data flows and processing activity
  • Designation of a Data Protection Officer for many businesses
  • Mandatory 72-hour breach notification
  • Performance of regular risk assessments and privacy impact assessments
  • Privacy by design embedded throughout the organisation’s systems, technologies and processes
  • Scope of GDPR is extended to companies that process data on behalf of other organisations

A failure to comply with the GDPR could result in fines of up to the higher of €20 million or 4% of the organisation’s annual global turnover. However, the legal cost of dealing with data subject claims where organisations have got it wrong could exceed any fine imposed by the regulator.

Our services

We can help you to:

  • Develop a GDPR strategy
  • Map your data or create a data asset register
  • Develop data privacy policies & procedures
  • Assess the risks associated with third party vendors or partners
  • Understand the implications of international data transfers
  • Create a data breach response plan
  • Train your staff
  • Project manage your GDPR remediation programme
  • Health-check the work you’ve done to date towards GDPR compliance

We recognise that one size does not fit all, and that every business has unique characteristics requiring a tailored approach to data protection. We can help you define a strategy for your privacy programme, and a tailored approach based on what matters most to your organisation and your appetite for risk.

We can help you prepare for the GDPR, from assessing your current state of compliance, through assisting you with your remediation programme, to establishing what “business as usual” will look like from May 2018.

Contact us

Steve Billinghurst

Director, PwC Isle of Man

Tel: +44 (0) 1624 689711
