General Data Protection Regulation (GDPR) Compliance

All organizations that hold, transmit or process EU resident data, regardless of whether they operate in the EU, are subject to the law. GDPR non-compliance can result in significant financial penalties, up to 4% of global revenue or 20 million euro, whichever is greater. GDPR went into effect in April 2016 and enforcement is scheduled to start in May 2018.

Many middle market organizations underestimate the amount of EU data they hold and, therefore, may not understand the legislation’s potential effect. Recent digital advancements mean that consumer data can be collected from around the world, and stored within seconds in a variety of ways, for example:

  • Websites
  • Email systems
  • Collaboration platforms
  • Business applications

GDPR raises the bar for protecting consumer information and requires specific tracking from collection to disposal. Moreover, under GDPR individuals can request that companies provide all data they maintain about them, and details of how such data is protected and processed. Failure to provide timely and complete responses to consumer requests can trigger the significant penalties mentioned above.

At RSM, we understand the complexities related to GDPR compliance and how they can affect your business. We have developed a range of GDPR services to assess your compliance, identify any potential gaps, and provide a road map for compliance:

  • Data audit and discovery – Understand what data you possess, where it resides and how it flows through systems and applications, why it is collected and how it is discarded, as an initial step to successful GDPR compliance.
  • Data privacy officer outsourcing – Some companies must appoint a Data Professing Officer (DPO) depending on the volumes of data you process. This position can be outsourced, and RSM can provide resources that understand GDPR guidelines and responsibilities.
  • Policy governance review – Learn how to develop or adjust your data privacy policies with GDPR controls and processes as required by the new law
  • Technical safeguard assessments – This assessment can help you ensure your controls are functioning as intended, while identifying and developing a plan to remediate any gaps.
  • Incident response plan development – GDPR requires data breach notification within 72 hours of a breach. RSM can create, develop or refine incident response plans to meet GDPR requirements.
  • Advisory services – RSM can provide advice to help you develop or optimize a GDPR compliance framework, including road map development from data collection to disposal.

How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.

Receive Risk Bulletin by Email


Cybersecurity Rapid Assessment®

Complete our Cybersecurity Rapid Assessment form to be contacted about receiving our "quick-hit" evaluation of your organization’s overall security risk.




RSM 2020 cybersecurity special report

  • July 14, 2020


Evolution of enterprise resource planning system cybersecurity

  • May 07, 2020