GDPR Regulatory Compliance and the Role of Internal Audit: Theoretical & Practical Approach

Nikolaos Dounis, Cluster Internal Control & Compliance Manager, Imperial Tobacco Group Plc

The General Data Protection Regulation (GDPR) has been in force since 25 May 2018, when it superseded EU member state implementations of the 1995 Data Protection Directive (DPD). Compliance with the GDPR is a legal requirement and can directly impact an organization’s reputation and shareholder value. Sanctions for non-compliance include fines (maximum 4% global turnover), orders to stop using data or to take measures that make its use compliant, regulator audits, and “class action” by privacy groups (e.g. consumer privacy groups or prompted by Works Councils). Other data protection sanctions include criminal sanctions for certain breaches, and there is increasing support in the UK and other jurisdictions for extending personal liability to directors and managers. The GDPR introduces new obligations, strengthens existing requirements and enhances people’s rights in relation to their personal data. The legislation applies not only to EU affiliates that process personal data of anyone regardless of where they reside, but also to non-EU affiliates that process personal data relating to people within the EU. According to an old adage, there is no such thing as bad publicity. Data leakage cases over the years have proved that it is not enough for companies to develop and implement comprehensive privacy practices; they also need assurance that the practices are functioning as intended in an ever-changing risk environment, and internal audit is the most important provider of this assurance.

Greece Data Protection FMCG December 2018 Vol.11, No. 45, Autumn 2018

Nikolaos Dounis

Professional experience of more than fifteen (15) years in leading-edge multinational organizations and industries (Tobacco, Telecoms, Banking, Manufacturing) in Internal Audit, Risk & Compliance roles. Currently working as the Cluster Internal Control & Compliance Manager of Imperial Tobacco Group, responsible for the South East Europe Cluster (Italy, Greece, Romania, Bulgaria, Cyprus, Malta, Israel, Palestine markets). Previously worked in Internal Audit and Consulting roles at Cosmote Mobile Telecommunications and PwC respectively. Strong academic and theoretical background, encompassing a PhD and MSc in Internal Auditing & Management from a leading-edge institution (Cass Business School - City University of London), with continuous development via publications and presentations at international academic conferences and associations. International professional qualifications of Certified Internal Auditor (CIA), Certified in Risk Management Assurance (CRMA), Certification of Teaching in Higher Education (City University of London) and Authorized Professional Trainer conducting seminars and trainings.

Imperial Tobacco Group Plc

Imperial Tobacco Group is an international fast-moving consumer goods company with a strong track record of creating value for shareholders, geographic diversity and a core business built around an optimized tobacco portfolio.
