General Data Protection Regulation (GDPR) Consulting

On May 25, 2018, the European Union will implement the General Data Protection Regulation (GDPR) to enhance data protection rights for EU individuals and unify regulation across the EU. This will impose extensive requirements that will impact all data processing in firms that deal with data of EU citizens. Penalties and fines for non-compliance are wide ranging and significant, including fines of up to 4% of total global annual turnover or €20 million. 

Developing a risk-based approach to GDPR

Duff & Phelps’ dedicated GDPR team – consisting of GDPR, compliance, data protection and cybersecurity specialists - brings a deep understanding of the requirements and regulator expectations. We have extensive experience in assessing, designing and implementing GDPR, governance, compliance and risk frameworks across the financial services industry. 

We provide a comprehensive range of consulting and advisory services to assist firms throughout all stages of GDPR, from framework assessments, design and implementation support, to a practical Toolkit and templates:

  • GDPR framework, Toolkit and materials customized to your business
    • Gap analysis of your firm’s GDPR arrangements against requirements
    • Design and development of a GDPR framework fit-for-purpose for your business
    • Toolkit that allows firms to undertake their own GDPR impact assessment, and provides a comprehensive suite of tools to create good governance, sound technical infrastructure, robust operational processes and controls and clear communications
    • Policies and procedures across a range of GDPR areas
    • Templates and compliance checklists, such as data security, notices, consents and contractual documentation
    • Training modules with practical guidance
  • Practical advice and support throughout your GDPR journey
    • On-call and practical GDPR advice and assistance pre- and post-implementation
    • Interim certified DPO role secondments and project management support to assist with implementing, delivering and monitoring your GDPR arrangements
    • Security and regulatory breach assistance during/post event, including cybersecurity attacks, investigations and regulatory enforcement cases
  • Assessments to analyze gaps, resolve issues and demonstrate compliance
    • GDPR Data Privacy Readiness assessment analyses your firm’s current data privacy policies and procedures to identify gaps and security risks, and propose remedial measures where necessary
    • Data Privacy impact assessment across projects and systems infrastructure
    • Independent assurance assessments and testing of your GDPR arrangement
/services/compliance-and-regulatory-consulting/regional/eu-regulation/gdpr-consulting /-/media/feature/services/compliance-and-regulatory-consulting/crc-main-desktop-banner.jpg service

Advice and Consulting by Jurisdiction

Contact Us

Other Areas We Can Help

Global Advice and Consulting

By Jurisdiction

Regionally targeted assistance for asset managers in compliance program development, implementation and maintenance

By Jurisdiction
Incident Response and Litigation Support

EU Regulation

Comprehensive compliance and regulatory support for EU firms.

EU Regulation



How Businesses Must Prepare for the Impact of GDPR in Asia-Pacific