Program: General Data Protection Regulation (GDPR)

Case:The General Data Protection Regulation will become effective per May 25th 2018. It is a single pan-European law applicable to all companies, which for the first time will unify all Privacy/Data Protection legislation in the EU. The regulation will cause significant disruption to how companies store, manage and process personal data.

The NN group wide GDPR Program was initiated in September 2016 to ensure compliance to the new European regulation by May 2018. By December 2016 the program strategy, governance and corporate roadmap were defined and approved. Specific attention was given to select the most optimal consultancy partner for NN. The transparent and conscientious way this was executed led to wide support for the program strategy and roadmap among the stakeholders.

For NN-Group not only the impact of GDPR is quite big, it also stretches over the entire company. Furthermore, its implementation is unpreceded in its kind. As Program Director I had to digest the business impact, translate this into a sound program strategy forward and to align the very diverse set of NN stakeholders, to successfully fulfil the role of trusted advisor in guiding and advising the executives of corporate legal through the start-up phase.