FTI Consulting has launched readiness services to help companies prepare for the EU General Data Protection Regulation, taking effect in May 2018.
For companies with employee or customer data on European citizens, FTI Consulting can help with the practical implications of GDPR, including data protection and information security, managing an operational environment, implementing information governance practices and applying change management in complex regulatory circumstances.
“While GDPR goes into effect just a few months from now, many multinational companies are still behind in preparing for compliance,” said Sonia Cheng, a senior director at FTI Consulting in London. “Our GDPR preparedness services are designed to be pragmatic and help companies further prioritize the various risks they face and address their compliance issues in time for the May compliance date.”
To help companies prepare, FTI Consulting provides a range of services, including:
GDPR assessments: Review requirements and applicability, and then identify gaps and areas of risk across people, process and technology to develop a pragmatic roadmap and action plan.
GDPR technology and program implementation: Provide privacy subject-matter expertise and assist with the implementation of GDPR-enabling technology, from data mapping to records management and data remediation. Define requirements, perform vendor selection and implement compliant processes and procedures.
Data map development: Develop a GDPR-specific personal data map and inventory personal data across the enterprise, where it flows internally and externally in the organization.
Sensitive data remediation: Define and classify data to identify redundant, old or trivial data appropriate for remediation, and decommission applications.
Data subject rights: Define a standardized process to review and efficiently handle data subject requests, including defining roles and responsibilities for internal and external stakeholders. Enable efficient data mapping, identification and searching across diverse data sources.
Privacy impact assessment and privacy-by-design: Assess risks for specific areas, systems or projects, update system provisioning processes, policies, procedures, roles and technical standards, and review and align with an Enterprise Risk Framework.
FTI Consulting’s GDPR readiness services provide consulting services that are flexible and can range from a single short-term project to a complete transformational service with ongoing monitoring. The offerings address key corporate data challenges with safety and defensibility by mining, storing, migrating and disposing of corporate data, as well as designing and implementing defensible e-discovery and information governance policies that are cost-effective and do not disrupt business operations.