General Data Protection Regulation

GDPR Is Here – Now What?

Microsite Hero Description

GDPR consulting services help organizations identify common GDPR gaps and develop remediation plans
General Data Protection Regulation



We are pleased to share our GDPR FAQ Guide, created in partnership with Robert Half and the multinational law firm Baker McKenzie to help organizations understand, prepare and operate under the GDPR. This guide covers the GDPR basics and focuses on critical areas such as third-party risk, data-privacy rights, consent management and privacy notices.

Protiviti designs holistic and comprehensive approaches to GDPR compliance, supporting privacy and security by design, assessing readiness, and helping businesses better understand their data-privacy posture. In addition, our compliance solutions cover people, processes and technologies to help drive sustainable and effective privacy programs.

We will work with you to build your organization’s GDPR program, including consultation on the following:

Read Protiviti's blog posts on GDPR

  • Regulation interpretation – analysis and advice
  • Gap remediation with leading practices – including design and implementation of third-party risk, data-privacy rights, data governance and privacy notices
  • Compliance solutions – people, process and technology execution for an effective cybersecurity and privacy program
  • Compliance management – monitoring and maintaining controls going forward.

We support clients during all stages of their GDPR compliance efforts. Our organization integrates global consulting talent from different practices and backgrounds to provide you with a custom team to address your GDPR needs, including functional expertise from our Global Security and Privacy practice and our Data and Analytics teams and legal and privacy support from Robert Half Legal.

Watch our video: What is next around privacy programs?


How Protiviti Can Assist:

  • Discovery and Planning: Inventory of GDPR Data Sources with Their Criticality Template
  • GDPR Gap Analysis and Results
  • Compliance Roadmap and Supporting Report
  • Gap Remediation: Remediate and Implement Solutions
  • Post-Regulation Date: Assessing Controls in Place or Maintaining Controls That Have Been Implemented
  • Global Capabilities to Deliver GDPR Expertise for Clients


“Protiviti did a great job in helping us to address the privacy challenge with a very strong risk-based approach and had a very pragmatic blended team that provided us several valuable solutions and very effective change management communication materials to address all the organizational and technology impacts required by new privacy regulations.”

Compliance Officer, top listed global manufacturing company

Key Partners


Protiviti assists organizations in achieving clarity and compliance around privacy risk governance programs, including GDPR. We help companies understand the impacts of regulatory requirements, assess and remediate processes and technologies and implement changes to achieve and maintain compliance. Our approach to GDPR compliance includes:

Discovery: Identify high-risk areas to ensure a focused approach

  • Identify and inventory EU personal data including classification level, data controller, processor and exchanges
  • Formal inventory of processing activities

Manage: Determine exposure and prioritize compliance activities

  • Assess data collection, processing and storage, and protection measures
  • Assignment of a Data Protection Officer transfers to third parties, risk assessment practices and security policies
Data Quality

Protect: Implement changes to achieve compliance

  • Obtain executive management support and funding
  • Establish compliance program structure and governance
  • Identify compliance strategies
  • Implement remediation plans

Report: Provide evidence of accountability and compliance

  • Maintain required documentation
  • Testing and validation
  • Implementation of monitoring tools and processes
  • Manage data requests and breach notification