This regulation applies to any company that collects or processes personally identifiable information of EU residents and visitors. It will have the greatest impact on industries that have a global client base, including hospitality, pharmaceuticals, retail, financial services, aerospace and defence.
Non-compliance with the law carries serious legal and financial consequences. Whether or not your organisation conducts business directly with the EU, you should review the operational functions that could be impacted, undertake an inventory of personal data stored, review data policies, conduct a risk assessment to identify any gaps, and, very importantly, engage with vendors as soon as possible.
Time is running out! My team can help identify issues and develop a customised process that can work with your existing enterprise risk management framework. There are technology solutions available to facilitate ongoing protection and longer-term sustainability of the GDPR compliance process. Please do not hesitate to contact us for a more detailed discussion.