Addressing GDPR's high-risk data processing rules


Practical framework for implementing GDPR’s requirements for high risk data processing

One component of the European Union’s General Data Protection Regulation (GDPR) addresses rules around “high risk” data processing. But what is “high risk”? Because EU data protection authorities (DPAs) may be unlikely to offer guidance on what this terminology means in sufficient detail before GDPR’s go-live date in May, we believe that multinationals should consider implementing their own “high risk” taxonomy ahead of that deadline.

Suggestions for addressing GDPR "high risk" rules

The GDPR transmits risk to large corporations that process personal data of EU residents in three ways:

  • Regulators imposing fines of up to 4% of global annual revenues for egregious noncompliance with certain GDPR provisions.
  • Litigants extracting unbounded settlements and court-imposed damage awards for control failures affecting them.
  • Business clients contractually requiring their vendors to assume uncapped GDPR-related risks and obligations.


Contact us

Jay Cline

Privacy Leader, Principal, PwC US

Carolyn Holcomb

Partner, Cybersecurity and Privacy, PwC US

Jocelyn Aqua

Principal, Cybersecurity and Privacy, PwC US
