The new Regulation requires organisations to adjust their current Data Protection framework, and introduce process-based compliance rather than a tick-the-box approach. It increases the obligations of Data Controllers and clearly specifies the responsibilities and duties of Data Processors, including the appointment of a Data Protection Officer (in certain circumstances).
The GDPR also enshrines the rights of data subjects and introduces new concepts such as the Right to Erasure (Right to be Forgotten) and the Right to Data Portability. Penalties for non-compliance are increased substantially, with the most serious breaches resulting in severe fines of up to €20 million or 4% of global turnover (whichever is greater).
Meeting the Regulation’s requirements and protecting data subjects’ rights is a challenge that faces every organisation. Mazars offers a range of Privacy consultancy and Data Protection advisory services to assist you in identifying, planning for and meeting your Data Protection obligations.
Our Privacy and Data Protection consultants have in-depth knowledge and practical experience of the challenges and opportunities facing organisations that process personal data and operate in an increasingly regulated environment.