The General Data Protection Regulation (GDPR) introduced the largest change to data protection legislation since the European Data Protection Directive in 1995. The potential for heavy fines featured large in media headlines and, as a result, organisations undertook wide-scale privacy change programmes in preparation for the GDPR live date of 25th May 2018.
That said, GDPR is much more than a one-off change programme. To date, the focus has typically been on remediating old and existing systems, updating third-party arrangements, delivering training and amending business processes and practices. However, organisations are now beginning to plan ahead and consider how to embed privacy into everything they do, with technology at the heart of change.
With the introduction of new data privacy legislation across the world, the need to coordinate global data privacy requirements becomes increasingly important in the implementation of sustainable, forward-looking changes to the operational, technological and data layer of many organisations.
At PwC, we have the capabilities to support clients along their compliance journey and advise on forward-looking strategies and organisational transformations to enable client-centric, technology-driven data privacy compliance. We can help organisations:
- Assess their data strategy and governance in view of global data privacy requirements and provide advice on changes to improve synergies in line with regulatory requirements.
- Review, advise on and execute technology transformation programmes to embed data privacy into organisations’ technology and data layers, enabling the ethical development of technologies and operationalising 'privacy by design' into every layer of the organisation, to build consumer trust and confidence.
- Review and advise on GDPR in response to corporate changes, such as mergers & acquisitions. This includes current state assessments of incoming entities, the review of target operating models for GDPR considerations, due diligence, etc.
- Support internal audit functions in the review of GDPR compliance and provide advice on recommended actions, based on industry best practice.
- Assess technology, supplier and third-party compliance, providing assurance across networks.
- Provide SME support in responding to the regulator, third parties and the public following data privacy breaches, and help develop and implement plans for identifying and addressing the root cause of the incident.
- Identify and provide support for data remediation programmes with the aim of de-risking data environments (both structured and unstructured). This includes support in reducing the amount of personal data held, introducing processes and controls and fundamentally changing attitudes towards data management throughout whole organisations.