Press releases

Deloitte comments on the first 100 days of GDPR

2 September 2018

Peter Gooch, cyber risk partner at Deloitte, said:

“The introduction of GDPR in May was the most significant shake-up of EU data protection rules for over 20 years. 100 days on, there are still a number of remaining challenges for organisations.”

  1. Maintaining momentum
    “In the lead up to GDPR, organisations were gearing up by bringing in new talent and technology resources to get compliant in time. Many focused on the looming 25th May deadline but, far from being an end date, this was the starting point for new technology systems and business processes. Maintaining this momentum will be key to ensuring ongoing compliance.”
  2. The new normal
    “There was a big push to get business practices GDPR-compliant and, for many organisations, the ongoing challenge will be embedding these changes for the long-term. Continually improving new practices will ensure their sustainability and success for the future.”
  3. Enforcement
    “We’re yet to see the first ‘big’ fine as a result of a GDPR breach and it would be easy for organisations to become complacent until this time. However, organisations could potentially face fines of up to €20 million, or 4% of turnover, as well as the possibility of class action law suits, which could arguably have a greater financial impact.”
  4. Technology
    “As with new GDPR business practices, supporting technology will also have to continually adapt. Many organisations realise that systems that are ‘just good enough’ are not necessarily robust for the future, and will be looking at the role of technology for more efficient compliance.”
  5. Resourcing
    “Many organisations sought additional talent in the run up to GDPR. For some, the need for extra resourcing will still be required for the long-term success and sustainability of GDPR programmes.” 


Note to editors

About Deloitte

In this press release references to “Deloitte” are references to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”) a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity.

Please see for a detailed description of the legal structure of DTTL and its member firms.

Deloitte LLP is a subsidiary of Deloitte NWE LLP, which is a member firm of DTTL, and is among the UK's leading professional services firms.

The information contained in this press release is correct at the time of going to press.

For more information, please visit

Did you find this useful?