The General Data Protection Regulation (GDPR) recently went into effect, yet many multinational companies are still behind the compliance curve.
This sweeping regulation requires organizations to meet stringent data protection requirements affecting the personal data of EU citizens and, for the first time, also affects companies that are based outside of Europe. With severe penalties in play - fines of up to €20m or 4% of global annual revenues - corporations must implement actionable and efficient strategies to achieve compliance.
FTI GDPR Compliance Services
Designing compliance policies and workflows for the GDPR requires a broad range of expertise: experience with the practical implications of applying data protection and information security, managing an operational environment, implementing information governance practices, and applying change management in complex regulatory circumstances. The FTI team has a strong track record of collaborating across legal, IT, compliance and lines of business to ensure input from and transparency with key stakeholders on policy development and implementation, and has completed several GDPR preparedness engagements.
Sonia Cheng, FTI Consulting’s European Information Governance Leader, talks about what GDPR is, the key steps to compliance, and what to do if you have limited time and budget.
Our global GDPR services
GDPR Assessment
Review requirements and applicability, identify gaps and areas of risk across people, process and technology, and develop a pragmatic roadmap and action plan.
Data Subject Rights
Define a standardized process to review and efficiently handle Data Subject requests, including defining roles and responsibilities for internal and external stakeholders. Enable efficient data mapping, identification and searching across diverse data sources.
Employee Training and Change Management
Develop a GDPR awareness campaign and multi-channel, stakeholder-specific training materials for employees, HR, IT, Customer Support, Marketing, and other key stakeholder areas. Ensure client-specific drivers are fully reflected in the messaging and tone of communications and training.
GDPR Technology & Program Implementation
Provide privacy subject matter expertise and assist with the implementation of GDPR-enabling technology. Our team has experience with GDPR-relevant technologies (e.g. Data Mapping, Data Remediation, Incident Response, Subject Access Request Workflow, Records Management, Archival tools and more). Define requirements, perform vendor selection and implement compliant processes and procedures.
Privacy Impact Assessment & Privacy by Design
Assess risks for specific areas, systems or projects, update system provisioning processes, policies, procedures, roles, and technical standards, and review and align with an Enterprise Risk Framework.
Contract Intelligence
Identify potentially relevant contracts that may need to be reviewed and updated with new GDPR-compliant data protection clauses, using FTI or partner-related technologies.
Data Map Development
Develop a GDPR-specific personal data map and inventory personal data across the enterprise, including where it flows internally and externally in the organisation.
Cybersecurity Assessment and Program Implementation
Assess cybersecurity posture and provide recommendations for implementing policies, processes and technologies that establish the appropriate level of security to mitigate risks.
GDPR Program Auditing
Conduct an independent review and audit of your existing GDPR program and related practices to identify potential areas of improvement and ongoing compliance.
Sensitive Data Remediation
Define and classify data to identify redundant, obsolete or trivial (ROT) data appropriate for remediation, and decommission applications.
Data Breach Preparedness and Response
Develop and implement incident response preparedness, response and notification plans to help companies meet the 72-hour breach notification requirements.
Learn More
Stay up-to-date with the latest trends and best practices with related thought leadership resources from FTI Technology:
To date, GDPR compliance at most organizations has been approached from the top down. Policies and procedures are essential. However, now that most organizations have those in...
A new forward-thinking approach to reduce risk of data breach has changed the way organisations view their processes in a drive to protect reputation.
Data is a strategic asset and GDPR has raised the profile of data management from the basements to the boardroom and assigned a strategic value to understanding our data, how we...
The GDPR compliance deadline might have passed but over two-thirds of UK firms acknowledge they are at risk of a GDPR breach crisis. While data mapping and updating privacy...
Companies around the globe are impacted by the landmark EU legislation, the General Data Protection Regulation (GDPR) which comes into force on May 25, 2018. While there is...
When the European General Data Protection Regulation (GDPR) enforcement kicks in this May, responding to data subject rights will be a challenge for many large organizations. The...
Much like Information Governance, preparation for the General Data Protection Regulation is a cross-departmental concern that requires input from many different groups within an...
By 2012, the European Commission put forth a proposal to reform the legislation, as a response to new challenges in the protection of personal data and represent the Digital Age....
When preparing for the GDPR, there is a broad range of expertise that is required, from having experience with the practical implications of applying data protection and...
The General Data Protection Regulation (GDPR) goes into effect in roughly one year, yet many multi-national companies are still behind in preparing for compliance.