International In-house Counsel Journal

GDPR Regulatory Compliance and the Role of Internal Audit: Theoretical & Practical Approach

December 2018
Data Protection, FMCG


The General Data Protection Regulation (GDPR) has been in place since 25 May 2018, when it superseded EU member state implementations of the 1995 Data Protection Directive (DPD). Compliance with the GDPR is a legal requirement and can directly impact an Organization’s reputation and shareholder value. Sanctions for non-compliance include fines (maximum 4% of global turnover), orders to stop using data or for measures to make its use compliant, regulator audits, and “class action” by privacy groups (e.g. consumer privacy groups or prompted by Works Councils). Other data protection sanctions include criminal sanctions for certain breaches, and there is increasing support in the UK and other jurisdictions for extending personal liability to directors and managers. The GDPR introduces new obligations, strengthens existing requirements and enhances people’s rights in relation to their personal data. The legislation applies not only to EU affiliates that process personal data of anyone regardless of where they reside, but also to non-EU affiliates that process personal data relating to people within the EU. According to an old adage, there is no such thing as bad publicity. Data leakage cases throughout the years have proved that it is not enough for companies to develop and implement comprehensive privacy practices; they also need assurance that the practices are functioning as intended in an ever-changing risk environment, and internal audit is the most important provider of this.

Nikolaos Dounis
Cluster Internal Control & Compliance Manager, Imperial Tobacco Group, Greece

Professional experience of more than fifteen (15) years in leading-edge Multinational Organizations and Industries (Tobacco, Telecoms, Banking, Manufacturing) in Internal Audit, Risk & Compliance roles. Currently working as the Cluster Internal Control & Compliance Manager of Imperial Tobacco Group, responsible for the South East Europe Cluster (Italy, Greece, Romania, Bulgaria, Cyprus, Malta, Israel, Palestine Markets). Previously worked in Internal Audit and Consulting roles in Cosmote Mobile Telecommunications and PwC respectively. Strong Academic & Theoretical background, encompassing a PhD and MSc in Internal Auditing & Management from a leading-edge institution (Cass Business School - City University of London), with continuous development via publications and presentations in International Academic Conferences and Associations. International Professional Qualifications of Certified Internal Auditor (CIA), Certified in Risk Management Assurance (CRMA), Certification of Teaching in Higher Education (City University of London) and Authorized Professional Trainer conducting seminars and trainings.


Imperial Tobacco Group

Imperial Tobacco Group is an international fast-moving consumer goods company with a strong track record of creating value for shareholders, geographic diversity and a core business built around an optimized tobacco portfolio.
