client alert


The clock is ticking: The General Data Protection Regulation takes effect in May 2018

Almost every business is affected, yet many are still not sufficiently prepared for the changed risk position. Now is the time to put your data protection organization to the test.

Changed Risk Position

In a time of omnipresent digitalization, data protection gains massive importance. The new European General Data Protection Regulation (GDPR), which becomes effective on May 25, 2018, drastically increases the legal risks. Companies without an effective data protection organization will have poor future prospects. Poor data protection compliance can lead to more significant fines and even imprisonment for the responsible management.

For material violations of data protection law, your company faces fines of up to EUR 20 million or four percent of the total worldwide sales of the previous fiscal year, whichever is greater.

However, the risks can be even more serious if competitors use injunctions to attack business processes that violate data protection laws. In a worst-case scenario, central processes could be directly prohibited by a court.

Data breaches can have a substantial negative (even short-term) impact on company value or individual assets (such as databases) and can also lead to a sustained loss of image and trust.

Due to the increased importance of data protection, affected persons will increasingly claim damages against companies.

Which companies are affected?

The GDPR concerns basically any company that processes business-related personal data or has it processed. In addition to partnerships and corporations, it also applies to other natural or legal persons or associations (e.g. societies or organizations).

In the future, the risk-based approach of the GDPR will force companies to critically examine existing data processing operations with regard to the associated risks for rights and freedoms of the persons affected by the processing. However, this assumes that there is clarity about the nature and extent of the processing of personal data.

In our experience, many companies already have basic deficits; according to current studies, more than a third of the companies surveyed are still badly prepared.

The new law applies as of May 25, 2018 without exceptions. Therefore, it is likely that many companies will be subject to fines if not prepared.

Our Service

We put your data protection organization to the test with our data privacy stress test (Privacy Impairment Check), objectively and independently.

We provide a quick overview of the regulatory requirements relevant to you and the maturity of your privacy organization with regard to the relevant benchmark.

Our privacy stress test has a modular structure so that it can be tailored to your specific requirements.

Your added value

The results of our data privacy stress test give you clarity on how you are tackling the major data protection risks for your company.

Ideally, your data protection organization is already able to withstand the pressure of our stress test and we can attest to the data protection compliance of all relevant business procedures of your company.

Ideally, your business can profit from the opportunities data protection grants today. Our privacy stress test will assist you in exploiting the full potential of your data for active use in your business.

Should the results of our stress test indicate that your data protection organization requires optimization, we will be happy to assist you with the conceptual design and implementation.

Excellently positioned for you

Our team of highly specialized legal professionals provides you with comprehensive advice in the field of data protection and data security. From a legal point of view, we assist in the identification, analysis and evaluation of existing legal documentation and internal procedures for dealing with personal data as well as their optimization. We also provide advice on the implementation of information and data management compliant with data privacy protection, the development and launch of products, as well as internal or external investigation procedures on an ad hoc basis, e.g. following a data breach. In addition, we represent companies vis-à-vis the relevant authorities as well as at court. As legal advisors, we work together with Deloitte's technology and business process experts in numerous interdisciplinary projects and therefore have the necessary experience to provide holistic and integrated solutions to even the most complex legal issues. Have we piqued your interest? Contact us anytime!

Key Facts

• The new General Data Protection Regulation (GDPR) changes the risk situation and drastically increases the legal risks.
• Put your data protection organization to the test with our data privacy stress test, objectively and independently.
• We review and evaluate data protection compliance for all relevant business areas and processes in your company.
• We help you to take advantage of the opportunities for your business activities which data protection presents today.
