General Data Protection Regulation (GDPR)

Evolving and expanding data privacy protection through GDPR readiness, implementation and compliance

Baker Tilly’s GDPR professionals help clients navigate the impacts of the data privacy regulation, its requirements, tips for assessing GDPR readiness and preparing for compliance.

    Evolving and expanding data privacy protection through GDPR readiness, implementation and compliance.

    In response to the need for greater data privacy and protection, the European Union (EU) enacted the General Data Protection Regulation (GDPR) to govern the collection, processing, use, and storage of personal data originating in the EU whether it be from an EU citizen, resident, or visitor. The regulation represents the most significant data privacy and protection regulation ever enacted. GDPR applies to all organizations processing and holding the personal data of these individuals, regardless of the organization’s location. The regulation represents the most significant data privacy and protection regulation ever enacted. GDPR applies to all organizations processing and holding the personal data of these individuals, regardless of the organization’s location.

    Regulation impact

    The GDPR became effective May 25, 2018. Penalties for noncompliance are significant. Organizations in breach of GDPR can be fined up to 4 percent of annual global revenue or €20 million (whichever is greater).

    Baker Tilly privacy professionals offer a portfolio of services to help your organization understand its exposure, and provide solutions for remediation and sustainability where needed.

    Readiness and gap assessment

    • Documentation of current state relative to GDPR requirements
    • Assessment of the GDPR regulation’s potential impact on your organization
    • Assessment of the processes your organization currently has in place and development of a roadmap for GDPR compliance

    Data discovery and impact assessment

    • Inventory of data processing activities
    • Inventory of data pools
    • Development of process maps and GDPR requirements
    • Data protection impact assessments

    Control framework design and deployment

    • Design – Assistance with selection of a suitable information security and privacy framework and controls for your organization with regard to its compliance requirements (including GDPR and other applicable regulations)
    • Deployment – Implementation of controls, policies and procedures that will allow your organization to achieve and maintain GDPR compliance, while at the same time allowing your organization to continue its work

    Monitoring or internal auditing

    • Periodic review and validation of organization processes to assess your operations relative to plans and continued compliance with GDPR requirements