Companies collecting data from European citizens take note: a “massive” campaign has just been announced to inform consumers about their new rights under the General Data Protection Regulation (GDPR). The goal of the initiative is to better inform individuals about the rights afforded them by the new regulation that comes fully into effect in May 2018.

While companies prepare to comply, it is clear that the lead commissioner charged with overhauling data protection laws – Věra Jourová, Commissioner for Justice, Consumers and Gender Equality — intends to ensure that data protection reform is thoroughly and meaningfully implemented. As part of that enormous task, she begins by ensuring that individuals are better informed about who is handling their data and what might be done with it.

It can be expected that a more informed citizenry, armed with newly created data protection rights, will begin to demand that their rights be honored and that companies holding their data be held accountable. In short, by May of next year, individuals not only will be granted new rights under the GDPR – they will be empowered with the information necessary to exercise them.

This will require a sea change in corporate thinking about data protection and management. Her comments give us two useful indications of places to focus our efforts:

First, she wants individuals to be able to give what she called “conscious” consent to data collection and use, and to know that consent can be withdrawn if they wish. Second, she wants individuals to know where they can go to register a complaint and their rights to compensation.

I think Commissioner Jourová’s remarks signal the importance of clear, understandable notice. If one goal of the regulation is to be sure consumer consent is “conscious,” it will be important that he or she is informed about how data is used and protected. Her announcement also is a warning to companies that the GDPR’s provisions granting rights to individuals – for example to access data, withdraw consent or limit processing of data about them – must be taken seriously.

The GDPR’s requirement that companies identify someone to serve as point-of-contact for data protection issues will take on even greater importance. Responding to consumers in a timely, effective way will be critical, as individuals whose requests are not addressed or disputes are not satisfactorily resolved will be able to turn to data protection authorities for relief. That’s an outcome companies will want to avoid.

We can help you navigate the new and significant changes related to the rights in the data you collect and process. Please contact us if you want more information.


Achieved Compliance – helping you navigate the complex world of data compliance.

Through its software guided review and remediation process, education tools and representation services, Achieved Compliance makes it possible for companies to take all the steps needed for meaningful compliance that meets regulators’ expectations.

For more information as to how we can help your organization be GDPR compliant please contact