Home » Operations » Best Practices & Benchmarking in Operations

GDPR goes live on May 25: DOES IT IMPACT YOU?

Businesses trnasacting business in the EU now have less than three months to complete the development of the systems and processes to comply with the strict new rules, full details on GDPR (General Data Protection Regulation) here, which include:

  • Increased Territorial Scope (extra-territorial applicability)
  • Penalties: organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). 
  • Consent: has to be clear and easy, and It must be as easy to withdraw consent as it is to give it.​
  • Data subject rights covering: Breach Notification; Right to Access; Right to be Forgotten; Data Portability; Privacy by Design; need for Data Protection Officers

Current preparedness

The third biennial Ernst & Young 2018 Global Forensic Data Analytics Survey asked several questions with respect to readiness for the GDPR. The found that of the 745 responding finance executives:

  • only 33% have an established plan for GDPR compliance (and another 39% signifying they are unfamiliar with the GDPR)
  • GDPR compliance plan in place: 
    • Europe (60%)
    • Africa and the Middle East (27%)
    • Americas (13%)
    • Asia-Pacific (12%).

Yet despite this lack of preparedness, respondents rank data protection and privacy risks as a top concern as they watch their overall risk profiles continue to expand.

What to do right now?

To get up to speed on CTMfile recommends:

  1. Get a copy of the Ernst & Young 2018 Global Forensic Data Analytics Survey
  2. take one of Thomson Reuters’s online training courses on GDPR
  3. In you’ve not started talk to one of the consultancies that specialise in GDPR immediately.

CTMfile take: 4% of your turnover could be way more than the cost of a cybersecurity breach???

This item appears in the following sections:
Best Practices & Benchmarking in Operations
Control & Compliance in Operations
Know Your Customer

Also see


No comment yet, why not be the first?

Add a comment