The EU General Data Protection Regulation (GDPR) is a law designed to update and unify the European Union’s approach to personal data privacy and protection. GDPR sets a high bar for compliance, with 99 articles and over 170 recitals. Following the standards set by GDPR is vital for successful business operations in Europe, both because fines can extend up to two percent of a company’s global turnover and because data has become an incredibly important resource in today’s digitised economy.
Data can be used (and misused) to produce incredibly accurate characterisations of people and their behaviour, which means that data privacy becomes a matter of personal privacy – and privacy is a human right. Protecting personal data is not only a matter of following regulations. It is also doing what is right.
While the regulation defines compliance as binary, complying with GDPR also means following a risk-based approach in which the most important systems, data and other assets are prioritised according to risk levels. In practice, this also means that certain parts of GDPR are important to prioritise, including the development, implementation, and governance of:
- Privacy Governance Model
- Records of Processing Activities
- Data Protection Impact Assessment
- Data Subject Rights
- Privacy Incident Response
How can we help you?
Our Privacy Management Framework allows organisations to define key privacy considerations. We provide a modular, practical, and pragmatic structure for organising the day-to-day management and oversight required to operationalise and sustain privacy, including managing GDPR compliance considerations.
We have considerable experience in supporting organisations in living up to GDPR privacy requirements and in helping to achieve a compliance culture within organisations, as GDPR relates to many processes in most businesses. As organisations mature, these framework elements can be enabled using technology such as ServiceNow to automate and improve the efficiency of an organisation’s GDPR program.
Contact us and read more here
Martin Povelsen
Partner, Digital Risk
KPMG in Denmark