The European Union (EU) General Data Protection Regulation (GDPR) is far reaching – and is the most rigorous new privacy law in 20 years. The new regulation replaces the Data Protection Directive 95/46/EC and affects organizations in the EU or those that offer goods and services to individuals in the EU, or that collect and analyze data related to EU residents, regardless of their location. This is a nuanced and complex regulation that impacts nearly all businesses.
At BDO, our team of experienced professionals is dedicated to helping our clients succeed. We start by helping them understand their GDPR compliance obligations, before creating and executing a remediation plan designed to minimize cost and disruption while meeting all requirements.
GDPR READINESS:
• GDPR readiness assessment
• Data mapping / data flow diagramming
• Article 30 register development and management
• Article 6(1) and 9(1) information audit and inventory
• Incident response planning and testing
• Data protection impact assessments (DPIA) / privacy impact assessments (PIA)
• Information security assessments
REMEDIATION AND IMPLEMENTATION
• Data minimization, retention, erasure and classification policies, and process development
• Training and awareness
• Privacy notices, policies and procedures development
• Privacy by design and default
• Technical controls implementation
• Third-party processor remediation
• Data breach response and notification process planning
• International data transfers policies and registers development
INCIDENT RESPONSE
• Dawn raid support
• Litigation support