IT Advisory Services

General Data Protection Regulation requirements

Are you prepared for GDPR?

The General Data Protection Regulation (GDPR) comes into force in May 2018.
It is the latest development in the current EU agenda to safeguard its citizens and
their private information. The GDPR introduces new rights for individuals and
strengthens existing protections. This new regulation imposes stricter requirements
on all business activities involving data. Whether you are a data controller or a data
processor, the GDPR will have a significant impact on your business and the clock is
ticking. The GDPR supersedes the existing Irish Data Protection Acts and expands
the obligations already in place.

Regulatory changes require prompt consideration and critical assessment by
organisations in order to understand their effects on business operations. Amended
business practices, supported by IT systems and operational processes will be
required to achieve compliance with this new regulation.

With the data protection legal landscape evolving rapidly it presents many challenges
for businesses, government and public authorities, in particular for consumer facing
businesses, online businesses, those in the financial services sector or organisations in
possession of sensitive personal data. The potential severity of fines for data breaches
and non-compliance with regulation was significantly increased to €20 million or 4%
of group turnover, whichever is greater. Organisations will have to move quickly to
avoid potentially large fines for non-compliance.

At Grant Thornton our specialised IT consulting, business risk services and
teams offer an integrated service to create, protect and enhance value in your
organisation in line with the new GDPR.