FTI Consulting Launches General Data Protection Regulation Services

Tuesday, March 6, 2018 - 16:01

FTI Consulting, Inc. announced the launch of readiness services to help companies prepare for the General Data Protection Regulation (GDPR), which goes into effect in May 2018. 

For companies with employee or customer data for European citizens, FTI Consulting can help with the practical implications of GDPR, including data protection and information security, managing an operational environment, implementing information governance practices and applying change management in complex regulatory circumstances.

“While GDPR goes into effect just a few months from now, many multinational companies are still behind in preparing for compliance,” said Sonia Cheng, a Senior Director at FTI Consulting in London. “Our GDPR preparedness services are designed to be pragmatic and help companies further prioritize the various risks they face and address their compliance issues in time for the May compliance date.”

Companies that do not meet the stringent data protection requirements within the GDPR risk fines of up to €20 million or 4 percent of global annual revenues. To help companies prepare, FTI Consulting provides a range of services, including: 

  • GDPR Assessments: Review requirements and applicability, and then identify gaps and areas of risk across people, process and technology to develop a pragmatic roadmap and action plan.
  • GDPR Technology and Program Implementation: Provide privacy subject-matter expertise and assist with the implementation of GDPR-enabling technology, from data mapping to records management and data remediation. Define requirements, perform vendor selection and implement compliant processes and procedures. 
  • Data Map Development: Develop a GDPR-specific personal data map and inventory personal data across the enterprise, where it flows internally and externally in the organization. 
  • Sensitive Data Remediation: Define and classify data to identify redundant, old or trivial (“ROT”) data appropriate for remediation, and decommission applications.
  • Data Subject Rights: Define a standardized process to review and efficiently handle data subject requests, including defining roles and responsibilities for internal and external stakeholders. Enable efficient data mapping, identification and searching across diverse data sources. 
  • Privacy Impact Assessment and Privacy by Design: Assess risks for specific areas, systems or projects, update system provisioning processes, policies, procedures, roles and technical standards, and review and align with an Enterprise Risk Framework. 

“There isn’t a silver-bullet technology solution for GDPR compliance,” said Paul Prior, a Managing Director at FTI Consulting in Dublin, Ireland. “Instead, GDPR compliance requires a mix of technology, policy and workflow that incorporates a deep understanding of the regulations. Our GDPR readiness services provide all of this, as well as the technical know-how and change management best practices to implement these new requirements.”