
EU General Data Protection Regulation (GDPR)

The GDPR, which has applied since 25 May 2018, is a comprehensive data protection regulation that harmonizes privacy law across the EU. Its goals are to protect the rights of individuals in the EU more consistently and to facilitate the free movement of personal data, supporting global commerce.

Key provisions of the legislation.

EXPANDED SCOPE

Applies to every organization established in the EU that controls or processes personal data, regardless of where the processing takes place. It also applies to organizations outside the EU whose processing relates to offering goods or services to individuals in the EU or to monitoring their behaviour within the EU.

DATA GOVERNANCE REQUIREMENTS

Includes obligations to carry out data protection impact assessments for high-risk processing, to conduct audits and policy reviews, to maintain records of processing activities, and, in certain circumstances, to appoint a data protection officer.

INDEPENDENT LIABILITY FOR PROCESSORS

Makes processors directly liable for their own obligations, not just the controller. Processors must operate under a written data processing agreement, act only on the controller's documented instructions, keep records of their processing, and obtain the controller's prior authorization before engaging sub-processors.

EXPANDED RIGHTS OF DATA SUBJECTS

Strengthens and expands individual rights. Data subjects have the right to know what personal data is held about them and how it is used, to have inaccurate data corrected, to withdraw consent at any time, to receive their data in a portable format, and, in certain circumstances, to have their personal data erased.

LAWFUL GROUNDS FOR PROCESSING

Establishes the lawful bases on which personal data may be processed (consent, performance of a contract, a legal obligation, vital interests, a public task, or legitimate interests) and the mechanisms under which data may be transferred outside the EU, such as adequacy decisions, standard contractual clauses and binding corporate rules.

Are You Prepared? (Readiness statistics in this section: Gartner)

Understanding the Risks

The regulation gives supervisory authorities expanded investigative and corrective powers, including issuing warnings and reprimands, carrying out audits, ordering remediation, imposing temporary or permanent bans on processing, and suspending data transfers to recipients in other countries.

More significant is that the regulation empowers supervisory authorities to impose substantial administrative fines for non-compliance. Depending on the violation, an organization can face a fine of up to €20 million or 4% of its total worldwide annual turnover for the preceding financial year, whichever is higher.

Meet Jamie Brown, our GDPR Expert

Vice President of Global Advisory Services

As Lighthouse's Vice President of Global Advisory Services, Jamie focuses on information law, compliance and governance issues around the world, and is our resident expert on the EU GDPR. She has two decades of in-house, government and law firm experience and currently concentrates on international regulation, risk mitigation and the needs of corporations in heavily regulated industries.

Jamie has worked for several leading financial institutions, including UBS in New York, where, as Executive Director in Legal and Compliance, she designed and managed a centralized, globally focused litigation and investigations response program. She also worked for Barclays, where she led and implemented a global program to reduce the legal, regulatory and privacy risk associated with legacy systems and data.

We can help assess your GDPR risk.

Contact Us