The General Data Protection Regulation comes into effect on May 25th 2018 and applies to all organisations that manage the data of EU citizens. The regulation defines a new standard for data governance and requires significant business and technological change. Organisations that breach the regulation will be subject to potential fines of up to €20m or 4% of global turnover and bans from processing such data.
MThree Consulting are delivering a GDPR compliance project at a global insurance provider to bring its data governance in line with the regulation’s requirements. The project sets out clear deadlines across the business to ensure the provider's compliance in both EU and non-EU territories.
What We Are Doing
- Conducting a GDPR compliance assessment to highlight and analyse gaps between the current situation and GDPR requirements
- Defining and delivering to project deadlines to achieve GDPR compliance
- Ensuring internal data protection frameworks, policies, procedures and assessments are in line with GDPR
- Working closely with internal Legal, Procurement, HR, IT and Security departments to achieve business and technological change
- Collaborating with a global team of Data Protection Officers in territories both inside and outside of the EU to develop the necessary processes
- Reviewing and rewriting contract clauses to ensure GDPR compliance
- Creating the required documentation such as policies, procedures and assessments to ensure future compliance