General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) goes into effect in May of 2018. Are you ready?
63% of data compliance officers have highlighted that their privacy maturity is at early or mid stages of maturity.
31% of organisations have a planned increase in employees related to regulatory compliance.
67% of executives highlight privacy as the key regulatory and legal compliance initiative.1
This sweeping regulation requires organizations to meet stringent data protection requirements affecting the personal data of EU citizens. It also impacts companies that are based outside of Europe. Companies must put compliance programs in place, or face fines of up to €20m or 4% of global annual revenues.
FTI Consulting GDPR Preparedness Services
When preparing for the GDPR, there is a broad range of expertise that is required, from having experience with the practical implications of applying data protection and information security, to managing an operational environment, to implementing information governance practices, to applying change management in complex regulatory circumstances. The FTI Consulting team has a strong track record of collaborating across legal, IT, compliance and lines of business to ensure input from and transparency with key stakeholders on policy development and implementation. Our global services include:
Review requirements, applicability, identify gaps and areas of risk across people, process and technology, and develop a pragmatic roadmap and action plan.
GDPR Technology & Program Implementation
Provide privacy subject matter expertise and assist with the implementation of GDPR enabling technology. Our team has experience with GDPR relevant technologies (e.g. Data Mapping, Data Remediation, Incident Response, Subject Access Request Workflow, Records Management, Archival tools and more). Define requirements, perform vendor selection and implement compliant processes and procedures.
Data Map Development
Develop a GDPR specific personal data map and inventory personal data across the enterprise, where it flows internally and externally in the organisation.
Sensitive Data Remediation
Define and classify data to identify redundant, old or trivial (ROT) data appropriate for remediation, and decommission applications.
Data Subject Rights
Define a standardized process to review and efficiently handle Data Subject requests, including defining roles and responsibilities for internal and external stakeholders. Enable efficient data mapping, identification and searching across diverse data sources.
Privacy Impact Assessment & Privacy by Design
Assess risks for specific areas, systems or projects, update system provisioning processes, policies, procedures, roles, and technical standards, and review and align with an Enterprise Risk Framework.
Cybersecurity Assessment and Program Implementation
Assess cybersecurity posture and provide recommendations for implementing policies, processes and technologies that establish the appropriate level of security to mitigate risks.
Data Breach Preparedness and Response
Develop and implement incident response preparedness, response and notification plans to help companies meet the 72 hour breach notification requirements.
Employee Training and Change Management
Develop GDPR awareness campaign and develop multi-channel stakeholder specific training materials for employees, HR, IT, Customer Support, Marketing, and other key stakeholder areas. Ensure client specific drivers are fully reflected in messaging and tonality of communications and training.
Identify potentially relevant contracts that may need to be reviewed and updated with new GDPR compliant data protection clauses utilizing FTI Consulting or partner related technologies.
GDPR Program Auditing
Conduct an independent review and audit of your existing GDPR program and related practices to identify potential areas of improvement and ongoing compliance.