Services

General Data Protection Regulation (GDPR)

Our vision and approach

The General Data Protection Regulation (GDPR) came into effect on 25 May 2018, changing the European privacy landscape. For organisations, this means a number of changes.

Deloitte Privacy Services – the evolution of Privacy

Our GDPR Benchmarking Survey has recently allowed us to establish that beyond highlighting the greatest challenges and concerns regarding GDPR requirements, the results from this survey highlighted that privacy as an enabler was a key trend. 61% of respondents see further benefits of remediation activities beyond just compliance. And of those, 21% expect ‘significant benefits’, including competitive advantage, improved reputation and business enablement.

We outline some major points from our experience that can help organisations getting the most from these changes.

Top 5 thematic considerations for implementing a GDPR programme:

  1. A wide range of stakeholder engagement is required. There are few compliance topics that have implications across such a wide range of areas including executive sponsorships and accountability from all business functions.
  2. It is important to drive towards collective outcomes. A clear, tangible and agreed target state across each GDPR area is required to bridge the gap typically seen between programme teams and the business.
  3. The Regulation encourages a risk-based approach. This can be applied across many aspects; from completeness of your data inventory, to which systems you proactively analyse and prepare so they can deal with rights, such as portability and erasure. Set tangible parameters.
  4. It is vital to ensure internal messaging is relevant such that everyone can see the importance of the topic.
  5. Make sure your programme includes the definition of a long term operating model that sets out roles and responsibilities such as how privacy risk is managed and how it is monitored and assessed.

How Deloitte can help

Privacy is a global issue, with a heightened sense of regulatory and public awareness meaning the high bar for privacy compliance is the new normal.

We have a global team that works internationally to solve our clients’ most complex problems with subject matter expertise that provides pragmatic advice.

Deloitte works with you to answer the questions that matter the most through our comprehensive suite of end‑to‑end Privacy Services to transform how you manage your regulatory obligations and make the most of personal data. Explore our privacy services.

Key contact

Peter Gooch

Peter Gooch

Partner

Peter is a Partner within Deloitte’s Cyber Risk Services. He joined Deloitte in 2001 and specialises in Privacy, Data Protection and information/cyber security. Peter has extensive experience in execu... More