GDPR Compliance Services

The General Data Protection Regulation (GDPR) is a sweeping regulation that requires
organizations both inside and outside of Europe to meet stringent data protection requirements
affecting the personal data of EU citizens. With severe penalties in play - fines of up to €20m or
4% of global annual revenues - corporations must implement actionable and efficient strategies
to achieve compliance.

FTI GDPR Compliance Services

TOP CHALLENGES OF THE The process of becoming GDPR compliant requires a broad range of expertise,from
GDPR: experience with the practical implications of applying data protection and
information security, to managing an operational environment, to implementing
information governance practices, to applying change management in complex
Elevated consent: regulatory circumstances. The FTI team has a strong track record of collaborating
Where applicable, consent
across legal, IT, compliance and lines of business to ensure input from and
must be unambiguous and
explicit; transparency with key stakeholders on policy development and implementation.
Our global services include:
Breach reporting:
GDPR Assessment
Companies are required to
notify authorities after 72 Review requirements, applicability, identify gaps and areas of risk across people,
hours of breach awareness; process and technology, and develop a pragmatic roadmap and action plan.

GDPR Technology & Program Implementation

Privacy by-design Provide privacy subject matter expertise and assist with the implementation
and by-default:
Proactive user-centric of GDPR enabling technology. Our team has experience with GDPR relevant
privacy requirements must technologies (e.g. Data Mapping, Data Remediation, Incident Response, Subject
be built into products and Access Request Workflow, Records Management, Archival tools and more).
processes;
Define requirements, perform vendor selection and implement compliant
processes and procedures.
The right to
be forgotten: Data Map Development
Individuals may request Develop a GDPR specific personal data map and inventory personal data across
that companies erase all
the enterprise, where it flows internally and externally in the organisation.
data pertaining to them.
Sensitive Data Remediation
Define and classify data to identify redundant, old or trivial (ROT) data appropriate
for remediation, and decommission applications.
GDPR COMPLIANCE SERVICES

Data Subject Rights Trusted Global Leaders in Information Governance,

Define a standardized process to review and efficiently E-discovery and Investigations
handle data subject requests, including defining roles and FTI Technology’s Information Governance, Privacy & Security
responsibilities for internal and external stakeholders. Services are tailored to the specific needs of each client and
Enable efficient data mapping, identification and searching the FTI team offers deep experience in delivering tangible
across diverse data sources. results in the context of investigations, litigation, mergers and
Privacy Impact Assessment & Privacy by Design acquisitions, regulatory issues, reputation management and
Assess risks for specific areas, systems or projects, update restructuring. Our professionals, including forensic experts,
system provisioning processes, policies, procedures, roles, corporate investigation specialists and technology and
and technical standards, and review and align with an e-discovery professionals are industry leaders experienced in
Enterprise Risk Framework. many of the largest regulatory and data privacy matters of the
past decade.
Cybersecurity Assessment and Program Implementation
Assess cybersecurity posture and provide recommendations
About FTI Technology
for implementing policies, processes and technologies that FTI Technology solves data-related business challenges, with
establish the appropriate level of security to mitigate risks. expertise in legal and regulatory matters. As data grows in
size and complexity, we help organizations better govern,
Data Breach Preparedness and Response secure, find, analyze and rapidly make sense of information.
Develop and implement incident response preparedness, Innovative technology, expert services and tenacious
response and notification plans to help companies meet the problem-solving provide our global clients with defensible
72 hour breach notification requirements. and repeatable solutions. Organizations rely on us to root
Employee Training and Change Management out fraud, maintain regulatory compliance, reduce legal and
Develop GDPR awareness campaign and develop multi- IT costs, protect sensitive materials, quickly find facts and
channel stakeholder specific training materials for employees, harness organizational data to create business value. For
HR, IT, Customer Support, Marketing, and other key stakeholder more information, please visit www.ftitechnology.com.
areas. Ensure client specific drivers are fully reflected in
messaging and tonality of communications and training.

Contract Intelligence
Identify potentially relevant contracts that may need
to be reviewed and updated with new GDPR compliant
data protection clauses utilizing FTI or partner related
technologies.

GDPR Program Auditing

Conduct an independent review and audit of your existing
GDPR program and related practices to identify potential
areas of improvement and ongoing compliance.

SONIA CHENG DEANA UHL

Senior Managing Director Managing Director
+44 (0) 7977 500709 +1 (832) 667-5123
sonia.cheng@fticonsulting.com deana.uhl@fticonsulting.com

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its
affiliates, or its other professionals. FTI Consulting, Inc., including its subsidiaries and affiliates, is a consulting firm and is not a certified public
accounting firm or a law firm.

FTI Consulting is an independent global business advisory firm dedicated to helping organizations manage change, mitigate risk and resolve
disputes: financial, legal, operational, political & regulatory, reputational and transactional. FTI Consulting professionals, located in all major
business centers throughout the world, work closely with clients to anticipate, illuminate and overcome complex business challenges and
opportunities. FTI Technology is a segment within the FTI Consulting (NYSE:FCN) network of affiliated entities worldwide and is operated as a
distinct legal entity in certain jurisdictions, including the U.S. and Australia. ©2024 FTI Consulting, Inc. All rights reserved. fticonsulting.com