Skip to content Skip to footer

Loading Results

GDPR and cyber data loss response

Day-to-day data protection is the new reality of today’s customer-centric businesses

Protecting your most important asset

Data is the most important asset an organisation owns. Protecting it is one of the most critical things you do. Breaches and losses are an ever-present threat. As we move forward from the implementation of GDPR – the biggest change to data protection legislation for more than two decades – businesses are expected to operate in a new reality where data protection is embedded in everyday operations and delivered through adapted working practices and technology.

We will help you understand and manage the data you hold, mitigate the complex risks associated with non-compliance, and protect and manage your data during a deal.

Data in the post-GDPR world

After years of focusing on meeting the GDPR live date, embedded data protection is now a day-to-day reality for modern businesses. The legislation introduced complex new compliance requirements for organisations that process personal data, including rules about the content of written contracts between data controllers and processors – which means that existing contracts must be reviewed and remediated. Businesses are also required to meet requests for individual data access, accurately and within a tighter timescale.

As sensitive data breaches have become more common and severe, financial and reputational consequences have grown. Regulators take breaches seriously – demanding complex reporting requirements within strict timeframes – and are handing out serious fines for non-compliance.

Significant corporate events such as a merger or acquisition raise the stakes around data considerably. The risks of accidentally transferring or losing sensitive or valuable data increase significantly when a deal is underway. Data requires expert handling during a deal – so the right data is handed over, and the rest is protected.

In this new environment, understanding exactly what data you hold, and where it is held in your infrastructure, is an absolute necessity.

Our approach

Our team is truly global and brings together the widest possible range of disciplines and expertise including forensics, legal, data discovery and intelligent review. We combine these skills and depth of experience with the latest technological innovations and tools, to provide unparalleled support and service.

Data Discovery for GDPR

We help select the best technology to allow you to find and protect personally identifiable information (PII) on your network. We will help you carry out a vendor analysis or suggest a preferred partner, using our experience to make sure that the solution meets your exact needs. We will help you deploy, configure and run data discovery technology and work with you to review and remediate the findings.

View more

Data Subject Access Requests (DSARs)

We help businesses meet Data Subject Access Requests (DSAR), identifying, validating and responding to requests within the 30-day deadline, while minimising the disruption to the business. Our teams combine technology with GDPR-trained document review experts to validate the request, carry out data discovery, collate, de-duplicate and redact the information – in a rapid and cost-effective way. 

View more

Personal data breach management

We will work with you to make sure that you are as well prepared as you can be should a breach occur. If the worst happens, we bring together a multidisciplinary team of legal and technical experts, including forensic investigators, cyber experts and legal professionals, to advise and guide you. If you have suffered a breach we will help you respond and repair – and then find out how and why the breach occurred.

View more

Data separation

We work together with our Deals colleagues as a single integrated team, helping clients negotiating an acquisition or merger find and classify their data using sophisticated technology – giving you the confidence that your data will be handled appropriately when it is shared or migrated to another party.

View more

GDPR contract analysis

We use the latest machine learning technology to review contracts quickly, accurately and cost-effectively for GDPR compliance. But this won’t be the last data privacy regulatory change that organisations will have to navigate; our contract remediation service gives you peace of mind that your contracts comply with regulatory, technological or financial changes on a mass scale.

View more

“Your proposal annihilated the competition in terms of how you would help in our data separation exercise.”

Multinational bank


Contact us

Craig McKeown

Craig McKeown

Partner, PwC United Kingdom

Tel: +44 (0)7841 494473

Denzil Coelho

Denzil Coelho

Director, PwC United Kingdom

Tel: +44 (0)7725 706596

Ronan Magee

Ronan Magee

Digital & Forensic Investigations Director, PwC United Kingdom

Tel: +44 (0)7715 211319

Follow us