A customized, proactive approach.

The European Union (EU) General Data Protection Regulation (GDPR) is far reaching – and is the most rigorous new privacy law in 20 years. The new regulation replaces the Data Protection Directive 95/46/EC and affects organizations in the EU or those that offer goods and services to individuals in the EU, or that collect and analyze data related to EU residents, regardless of their location. This is a nuanced and complex regulation that impacts nearly all businesses.  
At BDO, our team of experienced professionals is dedicated to helping our clients succeed. We start by helping them understand their GDPR compliance obligations, before creating and executing a remediation plan designed to minimize cost and disruption while meeting all requirements. While every plan is specifically customized to meet each of our clients’ unique situations, our main services are aligned to support the most common GDPR compliance requirements, including:
GDPR Readiness
  • GDPR readiness assessment
  • Data mapping / data flow diagramming
  • Article 30 register development and management
  • Article 6(1) and 9(1) information audit and inventory
  • Incident response planning and testing
  • Data protection impact assessments (DPIA) / privacy impact assessments (PIA)
  • Information security assessments
Outsourced / Virtual Data Protection Officer (DPO) Services (Articles 37-39)
  • Development and business alignment
  • Setup and configuration
  • GDPR Governance
Remediation and Implementation
  • Data minimization, retention, erasure and classification policies, and process development
  • Training and awareness
  • Privacy notices, policies and procedures development
  • Privacy by design and default
  • Technical controls implementation
  • Third-party processor remediation
  • Data breach response and notification process planning
  • International data transfers policies and registers development
  • iGRC® - holistic GDPR governance solution
Incident response
Country: United States Change