The General Data Protection Regulation (GDPR) is coming into force in May 2018. Building on the long standing 1995 EU Data Protection Directive, it establishes one set of data protection law across all 27 European states and the UK. GDPR represents a profound reform of data protection law in Europe aiming to harmonise data protection regulations across the EU, including the UK.

Data protection, ensuring that sensitive personal data is treated properly in complex IT systems, has been a priority for CGI for many years. It is a business wide issue that requires an understanding of what data is held, why it is held, how it is processed and how it is protected. GDPR is the latest set of legislation requiring organisations that acquire, process, store or communicate sensitive personal data to do so with greater care. Ensuring that the security of the systems involved is appropriate is only one of the tasks that GDPR will demand of a modern digital organisation. 

CGI has produced a range of information assets to help organisations with GDPR preparedness. If you’d like to discuss these assets, or would like help with, or an independent review of your GDPR plans, please get in touch at

How CGI can help


Challenges of GDPR

Selected media coverage

  • City A.M: The business world speaks about the biggest ever overhaul of data legislation. CGI featured in this look at GDPR, key changes of the regulation and the impact on business.
  • City A.M: Why investors should be wary of firms that don't take data governance seriously. Article looking at why organisations should treat data governance seriously in the context of GDPR. CGI’s recent Cyber-Value Connection study quoted.
  • GDPR Report: GDPR: no longer business as usual? An article written by CGI, looking at how business should treat GDPR and use it to their advantage.
  • The Independent: EU data protection regulation passes in Brussels. Article exploring the right to be forgotten, with CGI commentary on how this should be treated as a business issue and not just IT.