RESEARCH REPORT

In brief

In brief

  • The European Union's General Data Protection Regulation (GDPR), which went into effect in May 2018, is the most comprehensive data protection law ever enacted. GDPR requirements cover the responsibilities of data controllers and processors, as well as the rights of data subjects.
  • In this Accenture Technology point of view, we explain how business leaders can turn GDPR compliance efforts into opportunities to build a more secure, ethical and trustworthy foundation for sustained growth and competitive edge. We also explain how our GDPR Intelligent Solution applies machine learning and advanced analytics to deliver fast outcomes.


Data compliance dilemma – Translating GDPR into compliant measures and auditable processes can be complex for even the simplest of businesses.

"Businesses should approach GDPR as an opportunity to undertake transformative initiatives that unlock new opportunities and plug revenue leakages while enabling compliance."

– SANJEEV VOHRA, Senior Managing Director – Group Technology Officer and Data Business Group Lead, Accenture Technology

This complexity is especially true for large, global enterprises, because their data is spread across multiple siloed systems that were built or acquired over years, if not decades.

Even companies with reasonably well-structured technical and data landscapes face challenges with GDPR implementation as they aim to corral piles of personal data spread across disparate enterprise systems.

GDPR compliance requires enterprise data controllers and other IT professionals achieve several things, including:

  • "Bake-in" privacy requirements into the data architecture of enterprise systems;
  • Present "one view of the truth" to data subjects, regulators and internal stakeholders;
  • Respect the right of EU data subjects to access their data, be "forgotten" or accept requests for data portability.

Data subject rights

Data subject rights include the right to object, access data, not be profiled, suspend data use, data portability, be informed, rectify, erase and delete data.

Data controller or processor obligations

Data controller or processor have the following obligations: communication, notification and documentation, records of processing, protection of cross-border data transfer, security of processing, privacy by design and breach, remediation and management.

Compliant data: An appreciating asset

Accenture’s GDPR Intelligent Solution not only identifies data locations and types in the purview of GDPR, but also validates accuracy and generates a confidence/reliability score based on which stakeholders can take appropriate action.

This function enables data controllers to establish a repeatable action that can quickly scan large amounts of personal data throughout the data lifecycle. This is important, because GDPR compliance is an ongoing commitment, not a "once-in-a-year" task.

The solution is designed around three key processes in the data supply chain—capture, curate and consume—and it does all the heavy lifting, from identifying how the data enters the enterprise system from structured and unstructured sources to which enterprise systems and processes use it, and for what purpose.

GDPR compliance is ultimately about protecting personal data and individual rights and freedoms. Organizations that see compliance as an opportunity to align their priorities to the principles of data ethics embedded in GDPR are poised to build a more secure and trustworthy foundation for sustained growth.

GDPR compliance is an ongoing commitment and not a "once-in-a-year" task.


Sanjeev Vohra

Senior Managing Director, Group Te​​chnology Officer and Data Business Group Global Lead – Accenture Technology


Andreas Braun

Managing Director, Data Business Group Lead – Europe Accenture Technology


Harsh W. Sharma

Managing Director, Data Business Group Lead – North America Accenture Technology

MORE ON THIS TOPIC


Subscription Center
Stay in the Know with Our Newsletter Stay in the Know with Our Newsletter