

EU General Data Protection Regulation (GDPR)

The new GDPR is a comprehensive data privacy regulation that seeks to integrate privacy laws across Europe. Its goals are to more consistently protect the privacy rights of EU citizens and to help promote and facilitate global commerce.

Key provisions of the legislation.


Applies to all EU organizations that control or process the personal data of EU residents. It also applies to non-EU companies whose processing activities relate to the offering of goods and services or behavior monitoring in the EU.


Includes obligations to conduct privacy impact assessments as well as audits and policy reviews, maintain activity records, and, in certain circumstances, appoint a data protection officer.


Extends liability to processors and imposes requirements for data processing agreements, controller instructions, record-keeping, and consent when using sub-processors.


Extends more rights. Subjects have the right to understand what personal data is being held, to withdraw consent, and to request the deletion of all personal information.


Establishes the lawful bases on which companies may process personal data and the mechanisms for data transfers.

Are You Prepared?

*Source: Gartner

Understanding the Risks

The regulation gives supervisory authorities expanded powers, including issuing warnings of non-compliance, carrying out audits, requiring remediation, and suspending data transfers to other countries. It also increases their investigative and corrective powers.

More significantly, the regulation empowers supervisory authorities to issue substantial penalties for non-compliance. Depending on the violation, organizations could face fines of up to the higher of £20 million or 4% of their global annual turnover.

Meet Jamie Brown, our GDPR Expert

Vice President of Global Advisory Services

As Lighthouse’s Vice President of Global Advisory Services, Jamie focuses on information law, compliance, and governance issues around the world. She is our resident expert on the European Union GDPR. She has two decades of in-house, government, and law firm experience. She currently focuses on international regulations, risk mitigation, and corporations in heavily regulated industries.

Jamie has worked for several leading financial institutions, including UBS in New York. There, as Executive Director in Legal and Compliance, she designed and managed a centralized, globally focused, litigation and investigations response program. Jamie also worked for Barclays, leading and implementing a global program to reduce legal, regulatory and privacy risk associated with legacy systems and data.

We can help assess your GDPR risk.
