EU General Data Protection Regulation (GDPR) services

The recently adopted EU GDPR places new requirements on companies who process the personal data of EU citizens, with impacts to all areas of the business and severe penalties for noncompliance.

What is EU GDPR?

The General Data Protection Regulation (GDPR) is a European Union regulation on the protection of individuals with regard to the collecting and processing of personal data. This new regime becomes enforceable on May 25, 2018.

The GDPR's aims are twofold.

  • The EU wants to give control back to citizens and residents over their personal data.
  • The EU wants to simplify the regulatory environment for all businesses by creating uniformity in personal data protection regulation within the 28 countries comprising the EU.

Who is affected?

The regulation applies to all organizations collecting or processing personal data of residents in the EU, regardless of the organization’s physical location. In effect, this regulation will affect any company that uses personal data of persons
residing in the EU in order to provide services, sell goods or monitor their behavior, even if these companies do not have an EU presence. It is important to note that the GDPR is intended to protect any individual who is legally considered a resident of the EU, even if that person is not a citizen of the EU.

What is personal data?

Personal data is defined as any information relating to an individual whether it deals with his or her private, professional
or public life. It is very broad and covers such data as a name, a home address, a picture, an IP or email address, any bank
information, digital media post or medical records.

Key aspects of GDPR

  • Increased territorial scope – applies to all companies processing the personal data of data subjects residing in the EU, regardless of the company’s location.
  • Penalties – organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater).
  • Consent – the conditions to obtain consent to collect and use personal data have been strengthened.
  • Privacy by design – including data protection from the onset of the designing of systems, rather than as an addition.
  • Data subject rights – increased data subject rights, including access, erasure, and portability.

Our services

Professionals at Mazars in the US have extensive experience helping organizations understand and manage their privacy
risk. We bring an integrated team to the task that includes legal, privacy, technical, and cybersecurity expertise.

From an EU GDPR perspective, our professionals can assist you by providing a gap analysis and consulting that consists
of the following phases:

  • Gain proper context – understand the organization, operating environment, and current privacy program.
  • Map personal data – discover and map personal data within the organization onto business processes and IT infrastructure.
  • Assess current state – assess GDPR noncompliance risks and identify measures that can address them.
  • Develop roadmap – compile the results of the assessment into a strategy and roadmap of actionable steps to achieve and maintain compliance.