Why you need to act now

The EU General Data Protection Regulation is already the new legal standard

  • GDPR became law in Europe on 25th May 2016.
  • A two-year transition period, i.e. until 25 May 2018, allows organisations time to introduce compliant business processes.

After 25 May 2018, financial penalties for non-compliance will be substantial.

  • GDPR provisions will be enforced by existing national Data Protection Authorities.
  • There are two categories of administrative fine for non-compliance with GDPR:
      • penalties for the first category may be up to €10 million or 2% of global turnover;
      • penalties for the second category may be up to €20 million or 4% of global revenues.


GDPR will have far-reaching and permanent effects

  • business strategy – response must be defined early to ensure compliance by May 2018.
  • corporate resources – Board-level approval for changes to budgets and priorities will probably be needed.
  • product management – GDPR introduces a new decision-maker to the buying cycle: the Data Protection Officer (DPO).
  • product development – GDPR adds new pain points and feature / function sets to product design.
  • in-house legal team – review and update of both customer and supplier contracts will be necessary.
  • field communications – extends audiences to include customers’ Chief Privacy Officer and legal counsel.
  • marketing team – incorporate new messaging, brief agencies, re-prioritise and adapt actions.
  • sales – new training will be required to cover additional features, functions, benefits & audiences.
  • … all this by May 2018.