GDPR- Are you on the next level?

The General Data Protection Regulation (GDPR) came into effect on 25 May 2018. Focus has been on getting ready for GDPR. Now there is an increasing attention on how organizations can create business value from GDPR and thereby turn challenges into opportunities while meeting daily obligations. Deloitte has looked into what the greatest challenges are.

Deloitte investigated how organizations are facing the challenge of complying with the most radical overhaul of data protection laws in a generation while still having to meet daily obligations. Deloitte has conducted a General Data Protection Regulation (GDPR) Benchmarking survey across a sample of organizations and industry sectors in EMEA to see how organizations try to move up the maturity ladder by trying to improve the compliance excellence and harvest from data insight while still having to run daily operations.

The market listed the top five challenges (in order of difficulty):

  • Consent - ensuring consent is informed, unambiguous and recorded
  • Right to erasure - managing and facilitating data subjects’ right to request the deletion of personal data
  • Personal data register - developing and maintaining a register of personal data processing activities
  • The accountability principle - records of decisions and positions, and demonstrating compliance
  • Data portability - providing ability to port personal data from one data controller to another.


Further, results of the benchmarking survey showed the following trends:

  • Approaches to compliance and remedial spending vary widely. There is little correlation between organization size (by headcount or revenue) and spend, nor any clear trends in different industry segments
  • However, there is one clear trend across industries: Privacy is seen as an enabler. 61% of respondents see further benefits of remediation activities beyond just compliance. And of those, 21 per cent expect ‘significant benefits’, including competitive advantage, improved reputation and business enablement.


What is becoming very relevant in the market lately is the data breach procedures that companies have put in place. When faced with such an incident, many firms will instinctively focus their resources and efforts on containing the breach, rather than on their most important asset – their customers. Failing to manage the customer impact is likely not only to trigger headline–grabbing regulatory fines but also customer loss – potentially impacting both the value and reputation of the brand, increasing the risk of executive resignations and accelerating the pace of a doubtless already plummeting share price.

As one of a series of crisis response insight articles from Deloitte, the following paper looks at the customer‑related challenges organizations now face in light of GDPR and identifies the factors which contribute to an effective, customer‑centric response. Read more here.

Deloitte has prepared a report that makes pragmatic recommendations on how to comply with the most challenging areas related to GDPR. Most importantly, it explains how privacy can become more than a compliance exercise; how it can turn into a real business asset and enabler, and maybe even a competitive advantage. Read more here.


Deloitte Privacy Services is dedicated to helping organizations, identify and manage the risks and opportunities associated with personal data, navigate privacy risk, staying within the rules of the game, while allowing privacy to be a business enabler and to use personal data to increase customer trust.

Fandt du dette nyttigt?