EDM Council Report Finds Data Management Key to GDPR Compliance

EDM Council has published a comprehensive report identifying the critical role data management must serve for firms to comply with the General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018. GDPR states that all businesses, regardless of where they are located, must protect the personal data and privacy of people in the EU.

The EDM Council report, “General Data Protection Regulation (GDPR): The Role of Data Management,” was developed with 40 expert practitioners from 24 member firms, including 14 global systemically important banks (G-SIBS) and regional banks. The report points out that, because the privacy function is executed across the enterprise wherever personal data is managed, compliance to GDPR is only achievable where a comprehensive data management framework is in place. The group concluded that using the EDM Council’s DCAM™ (Data Management Capability Assessment Model) provides the structure and critical capabilities for supporting the data and data management requirements of GDPR compliance.

“Through the efforts of our GDPR Working Group, we are pleased to publish “General Data Protection (GDPR): The Role of Data Management”, describing the data management best practices needed to help organizations from all industry comply with GDPR,” said John Bottega, Executive Director of the EDM Council. “This is an important example of how the EDM Council continues to collaborate with industry experts in order to bring value to its members and to all industries impacted by GDPR.”

The EDM Council report is timely, given the impending GDPR deadline of May 25 and risks of non-compliance being as high as the larger of 4% of annual global revenue or €20 Million. Despite these factors, many firms remain unprepared. According to an April 2018 survey by Cordium, more than half of investment firms will not be ready. However, the financial industry may be somewhat more prepared than other industries due to its history of dealing with financial services regulation.

The EDM Council report, along with two supporting documents, “GDPR Requirements Analysis Quick Reference Guide” and the “GDPR Work Group Analysis Worksheet” are available online at www.edmcouncil.org.


The EDM Council is a 501(c)(6) non-profit trade association founded to elevate the practice of data management as a business and operational priority. The Council is a leading advocate for the development and implementation of data content standards and the publication of data management best practices. More than 200 firms and 7,000 professionals are members of EDM Council. For more information, visit www.edmcouncil.org.

Related Articles