- GDPR affects all parts of the organisation, which can frustrate efforts to determine responsibility and accountability. Implementing policies across the organisation was named as the top challenge.
- While the legal team is central to preparation efforts, success depends on its ability to work with other departments to map issues and develop solutions.
- The GDPR regime is based on principles rather than prescriptive rules, and interpretation of legal requirements and obligations can be difficult in the absence of precedents or additional guidance.
- GDPR compliance requires understanding and control over all of the IT systems and processes for handling personal data collection – including data that may be hidden in legacy architecture and systems.
- Few organisations have sought to understand the risks arising from the actions of third-party suppliers and other commercial partners.
- Finally, most organisations have struggled to identify all data processing activities or gain a broad internal overview of their processes. For GCs, this has made compliance a continually moving target.
This report offers a view of how legal teams are addressing the challenges of GDPR and identifies a number of leading practices for getting organisations systems and processes onside. As legal counsel reported in interviews, the best solution to these challenges may be to focus on the opportunities. For example:
- Demonstrating GDPR compliance can be a good opportunity to differentiate your business by winning more consumer trust and thus competitive advantage.
- GDPR compliance can benefit the organisation’s culture, as stronger governance structures for handling data help mitigate other risks (e.g. security, bribery, corruption).
- More disciplined management of customer data can produce opportunities to build connections with customers and produce better products.
By approaching GDPR as a chance to invest in a leading-edge global data protection management system, KPMG member firm legal teams can help their clients get more control over data and leverage that data to gain more strategic value.