GDPR – Are you ready?


As a new global privacy regulation is about to impact businesses worldwide, now is the time to become informed and get prepared for the European Union’s (EU) General Data Protection Regulation (GDPR). With personal data at risk, these changes come as an opportunity to turn GDPR into an advantage. Every business process that collects, uses and manages personal data presents an opportunity to reconsider risk management, introduce operational efficiencies, and better protect at-risk assets.

The European General Data Protection Regulation (GDPR) will come into force on 25 May 2018. It aims to standardise and strengthen the right of European citizens to data privacy by emphasising transparency, security and accountability by data controllers.


While many of the themes, high-level requirements and language of the GDPR are not vastly different from existing data protection legislation, the GDPR imposes new obligations and stricter requirements on in-scope organisations. The GDPR also includes provisions to impose administrative fines of up to €20 million or up to 4 percent of global turnover (whichever is higher) for certain infringements. If an organisation processes the personal data of people in the EU, or is a data controller or processor established in the EU, the GDPR will apply.


GDPR Guide by KPMG

Five steps to take to ensure compliance

Our GDPR Services in Estonia


During the past year, we have been advising a number of large local and international companies and local authorities on complying with the new General Data Protection Regulation (GDPR). Successful implementation of the Regulation in an organization requires legal, IT and management competency and a risk-based approach. To this end, we have formed a joint working group of IT and legal experts to provide our clients with comprehensive and cross-sectoral support for GDPR compliance. We have started almost every project with a compliance assessment to map out all the important risks and disadvantages of personal data processing in the organization, ranking them on a risk basis. In addition to compiling documents (privacy policies, agreements, etc.), we have been involved in the transformation of companies' in-house activities, business processes and information systems in order to comply with GDPR.

We use thorough, internationally developed frameworks, models and methods for conducting GDPR compliance assessments. These enable us to deliver conformity assessment projects with the highest added value, drawing on global know-how, experience and market-leading standards.

We've recently advised the following clients on GDPR: