Georges Ataya


The five knowledge domains for a successful GDPR implementation

Beyond the legal concerns related to defining the compliance requirements for organisations to implement GDPR, five domains of skills and expertise are identified to ensure a successful outcome. professor Georges Ataya shall describe those domains referring them to existing standards, professional certifications schemes, and bodies of knowledge.

1. LEGAL AND MANAGEMENT REQUIREMENTS: Applicable regulations are weighted against Business objectives to define the milestones and phases for Data Protection requirements.

2. RISK AND IMPACT ASSESSMENT: Risk Assessment and Data Protection Impact Assessment exercises shape the transformation activity.

3. COMPLIANCE TRANSFORMATION: Transformation includes program and project management, process improvement and the implementation of adequate enablers to target protection levels. Agile development, maturity tracking and step based milestones are good practices.

4. INFORMATION SECURITY AND PRIVACY: Build the secure platform within several architectural layers.

5. RESPONSE & BREACH MANAGEMENT: Response management and breach handling activities require due care and adequate preparation. 

Professor, Academic Director @ Solvay Brussels School
Managing Partner @


Michael LombartsGDPR