Upcoming opportunities to learn more about GDPR


The world is abuzz with talk of Europe’s General Data Protection Regulation (GDPR) coming out in May 2018. Unlike EU directives, regulations like GDPR don’t have to be implemented in local law, meaning that once GDPR hits, it hits everyone. Companies that have EU citizens as customers, no matter where these companies are in the world, are going to have to abide by those rules, and GDPR sets a very high bar for data protection.

At the center of it all is the Data Subject, the person whose personal data GDPR was designed to protect. Under the new regulations, subjects must be able to knowingly and willingly give consent for their data to be processed, withdraw their consent as easily as they give it, know what data is being processed and how it is being used, and have their data erased or “forgotten” at any point in time. Controllers need to be able to determine how and why data is being used, while also ensuring that data protection is at the forefront of system design rather than an afterthought.

The legislation also gives rise to the position of data protection officer to oversee and record all activities related to data protection within the organization, including the reporting and handling of personal data breaches, which will be strictly scrutinized under GDPR. Interestingly, or perhaps alarmingly enough, only 29% of UK firms and 18% of US firms say they’re planning on hiring data protection officers.

While the penalties are apparent — companies failing to comply can be fined up to 4% of their annual revenue — many see great opportunities in GDPR. Some companies, for example, are using the changes required by GDPR to help drive Digital Transformation by removing legacy systems and replacing them with tools that have privacy built in by design, such as Microsoft Office 365. The more obvious perks also include the trust and value one can receive by becoming a GDPR champion enterprise.

As a global IT company, we have had plenty of experience in our own organization and in client organizations preparing for GDPR and have recognized several key considerations:

  • A mix of on-premises and cloud services can grossly complicate the question of where information is held and how to readily access it.
  • A lack of “what-if” scenarios are being asked, like what if 1,000 people requested to see their data?
  • Data lakes and single repositories stand as two broad approaches for holding customer data.
  • Good UX principles should be used to design consent forms versus lawyers and commercial departments.
  • An existing security project, such as compliance with Payment Card Industry Data Security Standard, can be used as a stepping stone to GDPR.
  • More communications to users and customers is key to a smooth transition to GDPR.

As part of our Workplace & Mobility Roadshow, we have a workshop on “discovering” GDPR for those who wish to learn more about the regulation, how it may affect their company, and what they can do to not only become GDPR compliant, but use it to drive value for their company. Register for this high-impact, business transformation-focused roadshow coming to a city near you today!

Neil-MacCuish-headshotNeil MacCuish is one of the senior advisors within the EMEA Mobility & Workplace Practice. In this role he works with senior client stakeholders, across multiple industries, to help them to understand and define what their Workplace strategies and investments need to be in order to drive maximum value and employee enablement.


  1. nice information

Speak Your Mind


This site uses Akismet to reduce spam. Learn how your comment data is processed.