The aftermath of Storm GDPR


It has been a year since ‘Storm GDPR’ swept across the EU and the rest of the world as the General Data Protection Regulation (GDPR) took effect on 25 May 2018. Like with any calamity of magnitude, there were those who were prepared for Storm GDPR, and those that weren’t.

Although a year has passed since the storm, businesses are still struggling to come to terms with the sheer scale and complexity of the GDPR. As predicted, even though the new regulations were localised to the EU, the effects of the GDPR were felt on a worldwide scale. In the new technological-driven world where data privacy is becoming more and more prevalent, many territories outside of the EU are slowly looking to adopt regulations similar to the GDPR. So, the question remains, where does the middle market stand in the landscape left in the wake of ‘Storm GDPR’? We asked some of RSM’s international experts about the journey they have taken clients on over the last year, and discussed the key issues that businesses are facing now that GDPR has impacted their regions.



The adoption of data protection principles across Africa is still in its infancy, and consequently, most organisations were not fully compliant with the GDPR when it came into effect last year.

Read more

Asia Pacific


When the GDPR came into effect last year, only a small minority of organisations in Asia Pacific could be considered to be fully compliant.


Read more



In Europe, organisations undertaking personal data discovery and determining what data can be stored and for how long has been time consuming and complex for many businesses trying to comply with the GDPR.
Read more

Latin America


Countries in Latin America have seen local regulations, similar to the GDPR, coming into force during the last year, leading to an increased knowledge about data protection regulation

Read more



Certain organisations in MENA, adopted all or part of the GDPR requirements as a good business practice and to ensure counter-party trust.

Read more

North America


While the GDPR principles has proven challenging in North America, it is the constraints around purpose and storage limitation that have posed the most significant challenge.

Read more