Part Three: The Cost of Non-Compliance with the GDPR

In this installment of our blog series, Managing Privacy and Risk in Financial Services, we examine the global impact of the General Data Protection Regulation (GDPR).

Don’t ruin my reputation AND take my money!

The adjustments needed to comply with the GDPR are significant. You must comply or risk paying severe penalties of up to 4% of worldwide turnover for non-compliance. The penalties for financial services organizations are not only steep fines but reputational damage, too. ServiceNow provides a framework to help companies accelerate their journey to GDPR compliance.

Compliance + Good Press = Happy Place

By providing a single, integrated platform, ServiceNow helps you prepare for the regulation, establish your data protection policy and associated controls, assess your compliance with the GDPR, and manage the risks related to these controls. A colleague of mine from across the pond and one of our resident compliance experts, Eric Le Martret, will pitch in to discuss the best practices to address the GDPR requirements:

GDPR – It’s everyone’s beer or a cup of tea! Everyone is talking about this, and there is also a high level of confusion about what exactly it is and how the regulation applies to organizations around the globe operating in the EU. Below I detail some best practices to aid in your developing approach to GDPR.

Best Practices to Address the GDPR Requirements:

  • Establish
    • Establish a DPO and GDPR accountability team
    • Learn and educate your teams responsible for addressing the GDPR requirements
    • Create and amend your organizational policies and procedures to match the GDPR requirements supporting CIAR (Confidentiality, Integrity, Availability & Resiliency)
  • Prevent and Detect
    • Create policy enforcement for compliance requirements
    • Apply technologies and procedures to prevent and detect security threats
    • Operationalize Risk, Security and Compliance controls
  • Assess
    • Detect and assess change to your risk and security posture, in real-time
    • Scope and calculate potential financial impact in case of a security breach
  • Respond
    • Engage regular periodic data protection audits
    • Leverage risk and security data to optimize your audit plan
    • Align response to your business priorities
    • Accelerate remediation through automation
  • Monitor
    • Get real-time business insight into your security and risk posture
    • Track the status of audits and compliance efforts. Remediate security threats and risks based on the impact to business services
  • Optimize and Predict
    • Align priorities with business elements vital for your compliance with the GDPR
    • Enhance security and risk management resources
    • Optimize costs and productivity
    • Establish resiliency procedures through post incident activities
    • Create a dedicated Knowledge Base from lessons learned to predict potential future threats
    • Join and establish Information Sharing and Analysis Centers (ISACs)

Eric Le Martret is a former Chief Risk Officer and GRC consultant and is now the Senior Advisory Solution Consultant for ServiceNow’s EMEA GRC practice.
By providing a single, integrated platform, ServiceNow helps you prepare to comply with the regulation. Please see our ebook for more information on how ServiceNow solutions can help you with GDPR compliance.

See you on Monday, October 2nd, for Part Four of this Six-Part series on Managing Privacy and Risk in Financial Services.

Next posts:

Part Four: Responsible for You and Your Friends (Vendor Risk)

Part Five: We Have a Plan (NY State Cyber Regulations)

Part Six: Rinse and Repeat (IT GRC)
