skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration


This report highlights further details on particular areas of responsibility in which GDPR will impact organizations, beyond those that have been detailed in earlier Ovum reports.


  • GDPR provides rights to data subjects to control processing of information relating to themselves via consent, which they can also withdraw.
  • GDPR grants rights for the processing of data subjects not to be determined solely by an automatically-determined profile.
  • GDPR introduces the need for formalities and information management relating to third-party processing relationships, which will require new capabilities to be introduced in many enterprises.

Features and Benefits

  • Details how changes that will be necessary within organizations due to GDPR can be used to general advantage.
  • Ovum believes that enterprises risk failing to fully assess the impact of GDPR on their capabilities, processes, and operations.

Key questions answered

  • How can the changes that will be necessary within organizations due to GDPR be used to general advantage ?
  • What range of disciplines within my organization should be considering the impact of GDPR?

Table of contents


  • Catalyst
  • Ovum view
  • Key messages


  • Recommendations for enterprises
  • Recommendations for vendors

Accurate consent must be obtained from data subjects – and may be withdrawn

  • GDPR enforces data subject consent strongly
  • Explicit consent is required for special categories of personal data
  • Consent levels are also defined for data relating to young people

Profiling of data on individuals must comply with GDPR stipulations

  • GDPR regulates profiling activity more stringently
  • Some businesses could face fundamental change due to regulation of profiling activities
  • Profiling is regulated by GDPR over a lifecycle

Tighter control of processing within IT supply chains is essential

  • Controller and processor roles define compliance responsibilities
  • Responsibilities for controllers are more onerous than for processors
  • Contracting arrangements are regulated by GDPR
  • Tighter controls around data breaches will be needed under GDPR


  • Methodology
  • Further reading
  • Author

Recommended Articles


Have any questions? Speak to a Specialist

Europe, Middle East & Africa team: +44 7771 980316

Asia-Pacific team: +61 (0)3 960 16700

US team: +1 212-652-5335

Email us at

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Email us at

Contact marketing -

Already an Ovum client? Login to the Knowledge Center now