Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Managaement
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Partners
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social Responsibility
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Careers
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Blogs
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
FAQs
We've put together a comprehensive list of frequently asked questions - along with our responses - to the most common GRC and SAP security issues.

Key Insights Blog

Read the latest insights from our experts on GRC and risk management

12 August 2016

3 things every CEO needs to know about the new General Data Protection Regulation (GDPR)


Dice.jpgThe General Data Protection Regulation is in its final phase of implementation and will become law in all EU Member states in May, 2018. I recently took part in a Roadshow with Norton Rose where we talked to legal and IT representatives from leading European companies about the implications of GDPR on their business.

Here are my thoughts on the what is most relevant for the CEO:

1. Fines for non-compliance are up to 4% of Global Turnover

The maximum fines for non-compliance with the new regulation are the higher of €20m or 4% of the organisation’s worldwide turnover.

This will certainly focus the mind for most companies in terms of the priority they place on the need to achieve compliance.

2. GDPR will become law on 25th May, 2018

European Law broadly takes two forms, Directives and Regulations. Directives are issued by European Parliament and must then be enshrined in the Laws of each member state by implementation in local legislation. This typically leads to a level of inconsistency in the application of the law and also increases lead times to its implementation.

Since GDPR is a Regulation law it will become legally binding in all member states once implemented by the European Parliament.

3. Brexit won't affect your compliance obligations

Brexit is likely to be irrelevant for most companies in terms of their GDPR compliance obligations. If your business operates in Europe then compliance with GDPR will be required, irrespective of the future relationship that Britain has with the European Union.

Whilst GDPR will not directly apply to the UK post Brexit, the Information Commissioner’s Office (ICO) has emphasised that the UK will need to prove ‘adequacy’ if it wants to trade with the single market on equal terms. In practice this means that the UK is expected to mirror the EU's data protection legislation meaning that a need to achieve compliance with the new regulation is likely either way.

CTA Should your employees be sharing that?