Press releases

Deloitte comments on General Data Protection Regulation (GDPR) with one year to go until implementation

25 May 2017

Peter Gooch, cyber risk services partner, Deloitte, said:

“GDPR will bring in a much more comprehensive regulatory framework for privacy than we’ve had before. While some of the fundamental requirements under GDPR won’t be new, the level of proactive accountability required will perhaps be one of the most significant overall changes and companies are already working hard to comply with the new requirements. While GDPR is about much more than just cyber, it’s likely that a major cyber breach will attract the biggest regulatory censure under GDPR, with the potential for fines reaching up to 4% of worldwide annual turnover.

“However, the next year shouldn’t just be seen as a race to a May 2018 finishing line. It will be about continual improvement after this date and the enforcement tone of GDPR will become clear once it’s been implemented.

“Organisations should not see this as just a regulatory compliance programme. Having the right privacy requirements embedded into an overall customer engagement strategy can also be a competitive advantage. All businesses rely on consumer loyalty. A breach can put the company’s existence at risk.”


Notes to editors

Deloitte research of the FTSE 100 found that 87% identify cyber as a principal risk in their annual report.

About Deloitte
In this press release references to Deloitte are references to Deloitte LLP, which is among the country's leading professional services firms.

Deloitte LLP is the United Kingdom member firm of Deloitte Touche Tohmatsu Limited (“DTTL”), a UK private company limited by guarantee, whose member firms are legally separate and independent entities. Please see for a detailed description of the legal structure of DTTL and its member firms.

The information contained in this press release is correct at the time of going to press.

Member of Deloitte Touche Tohmatsu Limited.

Did you find this useful?