The General Data Protection Regulation

The General Data Protection Regulation (GDPR) is an EU regulation which will apply across the European Economic Area (EEA) from 25 May 2018. Organisations must comply with the regulation and be able to demonstrate their compliance with it. Among the many changes and updates which organisations must implement are the requirements to keep records of processing activities, to contract with third-party processors using the terms set out in the regulation, to provide enhanced information notices to those whose data they process, and to respond to individuals’ requests for information relating to processing without undue delay and at the latest within a month.

Penalties for failure to comply with the regulation are substantial, with fines of up to 4 per cent of global turnover or €20 million, whichever is greater. The sanctions that may result from non-compliance with the GDPR underline the importance of preparing your organisation for GDPR compliance.

GDPR Data Map

To comply with the GDPR and demonstrate compliance, organisations need to understand how they deal with personal data. In particular, they need to understand and record the categories of personal data they collect, from whom they collect it, where it is stored, how they process it, and how long they keep it. Epiq’s GDPR data map allows organisations and their advisors to assess and document their compliance and identify unforeseen or unintended uses of personal data. 

Data Remediation

There has been a huge increase in the amount of data which organisations create and store. However, retaining data without assessing the value of that data can increase the risk of breaching GDPR. 

Epiq uses a range of best-in-class tools and technologies to help clients audit, cleanse, monitor, index, and assess their data, enabling them to retain business-critical information while establishing efficient and effective data governance processes to minimise the data they hold. 

Subject Access Requests

GDPR reduces the response time for subject access requests (SARs) and the cost to individuals of making them. This is likely to increase the number of SARs organisations need to deal with. Organisations will need to acquire the technical and operational capability to find every place that employee records could exist across global organisations, in multiple geographies, and with employees using different communication tools.

Epiq helps organisations implement repeatable, scalable, and cost-effective processes for responding to these requests. We help you to search, identify, retrieve, redact (where necessary), and export data from your systems in an efficient and defensible manner.

Data Protection Impact Assessment

GDPR requires controllers to undertake data protection impact assessments when an organisation’s processing of personal data is likely to result in a high risk to the rights and freedoms of individuals. Epiq helps organisations audit relevant data processing activities and produce an assessment report.

ask an expert

Martin Bonney

Senior Director, International Consulting Services, London
