The EU General Data Protection Regulation (GDPR) took effect on May 25, 2018, creating challenges—and opportunities—for every organisation doing business in the European Union before, during and after the deadline. It requires wide-scale privacy changes in all regulated organisations, and regulators will gain unprecedented powers to impose fines (up to EUR 20 million or 4% of annual turnover).
Nevertheless, the GDPR also represents an opportunity to:
• Transform your approach to privacy,
• Harness the value of your data, and
• Ensure your organisation is fit for the digital economy.
This means getting ready now. Not all organisations will be compliant by May 2018, but GDPR regulators will need to see by then that robust plans are in place.
Personal data protection also plays a pivotal role in Mauritius' digital economy. To meet evolving needs, the Data Protection Act 2017 aims to strengthen the control and personal autonomy of data subjects over their personal data. It also seeks to bring Mauritius' data protection framework into line with international standards, namely GDPR.
It is essential that organisations are able to demonstrate to regulators that they have robust plans in place to comply.
Stewart Room, Joint Global Head of Data Protection and Global Legal Services leader, PwC UK, discusses the General Data Protection Regulation (GDPR) and its impacts for both entities and citizens
GDPR’s scope and requirements are deep and complex, so prepare for it now to help ensure compliance. The regulation requires a programmatic approach to data protection - so you’ll need a defensible program for compliance and to prove you’re acting appropriately. Ask your organisation these questions:
Where are you on the GDPR journey and how can we help?
Your organisation may be just getting started - or may already have a GDPR programme in place. We believe that the major steps on the way to compliance are as follows: Assess - Design - Transform/Implement - Operate.
PwC has developed a 5-phase transformation approach to support you through the compliance process. Wherever you are on your journey, our Data Protection Team can help you meet the requirements of GDPR, by tailoring industry-specific solutions for your organisation.
Where do you go from here?
You should determine what existing practices need to be changed or what new processes you’ll need to achieve GDPR compliance. Depending on the scope of your business with EU residents, that may include establishing clear (and documented) accountability for compliance, reviewing the context for lawful processing and third-party contracts, and developing policies and protocols to execute on any data deletion request. It also means regularly reviewing your processes to ensure you’re staying compliant.
Tools like PwC’s GDPR Readiness Assessment Tool can provide a top-down assessment to help prioritize your efforts and identify areas which require the utmost attention.
Vikas Sharma
Regional Consulting & Risk Services (C&RS) Leader, PwC Mauritius
Tel: +230 404 5015