General Data Protection Regulation (GDPR)
Baker Tilly’s GDPR professionals help clients navigate the impacts of the data privacy regulation, its requirements, tips for assessing GDPR readiness and preparing for compliance.
Evolving and expanding data privacy protection through GDPR readiness, implementation and compliance.
In response to the need for greater data privacy and protection, the European Union (EU) enacted the General Data Protection Regulation (GDPR) to govern the collection, processing, use, and storage of personal data originating in the EU whether it be from an EU citizen, resident, or visitor. The regulation represents the most significant data privacy and protection regulation ever enacted. GDPR applies to all organizations processing and holding the personal data of these individuals, regardless of the organization’s location.
Regulation impact
The GDPR became effective May 25, 2018. Penalties for noncompliance are significant. Organizations in breach of GDPR can be fined up to 4 percent of annual global revenue or €20 million (whichever is greater).
Tool
Your GDPR primer | Our infographic provides an essential, high-level overview of GDPR and what your organization needs to know now.
Baker Tilly privacy professionals offer a portfolio of services to help your organization understand its exposure, and provide solutions for remediation and sustainability where needed.
Readiness and gap assessment
- Documentation of current state relative to GDPR requirements
- Assessment of the GDPR regulation’s potential impact on your organization
- Assessment of the processes your organization currently has in place and development of a roadmap for GDPR compliance
Data discovery and impact assessment
- Inventory of data processing activities
- Inventory of data pools
- Development of process maps and GDPR requirements
- Data protection impact assessments
Control framework design and deployment
- Design – Assistance with selection of a suitable information security and privacy framework and controls for your organization with regard to its compliance requirements (including GDPR and other applicable regulations)
- Deployment – Implementation of controls, policies and procedures that will allow your organization to achieve and maintain GDPR compliance, while at the same time allowing your organization to continue its work
Monitoring or internal auditing
- Periodic review and validation of organization processes to assess your operations relative to plans and continued compliance with GDPR requirements
Our industries
Press release
Baker Tilly Poll Shows GDPR Compliance and Privacy Governance Still a Challenge for Most Organizations