By using this web site you accept our use of cookies.

EVRY_GI-624097524.jpg (Large).jpg

The general data protection regulation:

Are you in control of personal data?

General Data Protection Regulation

In April 2016, the European Economic Area (EEA) set in place the General Data Protection Regulation (GDPR) which will be effectuated in May 2018. This regulation affects all organizations that handle personal data within the EEA. To be compliant to the new regulation, each organization will have to put in place measurements with which they ensure GDPR requirements are fulfilled.

What is the GDPR about?

  • Increase protection of personal data
  • Strengthen individual rights
  • Increase mobility in EU’s single market

How does the GDPR require organizations to fulfill this?

  • Purpose limitation, data retention & third parties
  • Record inventory
  • Notice, consent & objection
  • Profiling restrictions
  • Right to access
  • Right to rectification & erasure
  • Data portability
  • Security measures & breach notifications
  • Privacy by design & default
  • Data Protection Officer, audits & fines

Consequences of the new regulation:

  • Data Analytics:
    • Non-compliance gives limited possibilities for cognitive analytics
  • Economical:
    • Violation charges (20 mil Euro, 4% of total global revenue)
    • Distortive competition when vendors in Barcelona or Stockholm do not have same conditions
  • Strengthened confidence:
    • Loss of control or non-compliance will negatively impact reputation
    • Customers will leave companies that cannot control their data
    • Compliance will increase customer reputation and consumer’s willingness to share their data

The GDPR leads to new opportunities:

New opportunities will occur in the area of consumer rights with even more consumer-focused software with which personal data and consent is managed. Additionally it will generate a new wave of improved Data Management capabilities in organizations to enhance, among others, Data Governance, Data Quality, Master Data Management  and Metadata Management.

Our approach towards compliance and leveraging new opportunities:

With our five-phased approach we provide the needed structure to become GDPR compliant

EVRY as a ‘Processor’

EVRY can help you become compliant within your organization. At the same time, for a number of our clients, EVRY fulfills the role of ‘Processor’ in the GDPR. The Processor is responsible for the processing of personal data on behalf of other organizations. EVRY is already working to ensure GDPR compliance in its processing role.

Our consultants can help your business through the GDPR-process:



Awareness of privacy regulations starts with top management. No top management support, no (or limited) success

Read more


Initial maturity assessment. Prioritization for Target Setting. Familiarizing with As-Is.

Read more

Target setting

Data Protection Authority Guidelines. Define Targets (People, Process & Technology). Prioritized work packages & roadmap.

Read more

System change

GDPR Programme and Projects. Prepare & implement change. Validate compliance with Data Protection Authority.

Read more

New business opportunities

Reflect on new status quo in the organization, but also in the industry. Define opportunities and next steps.

Read more

Evaluation and implementation

Ongoing evaluation and measurement of the project according to the target image set.

Contact us to learn more