GDPR - the importance of data protection

Tom Riddell-Webster has been appointed as our Data Protection Officer. He is the contact point in the firm for individuals and the regulator regarding personal data matters, while being independent of the business.

We take our duty to our staff and our obligations to our clients seriously when it comes to handling personal data. Our preparation for the introduction of the EU General Data Protection Regulation (GDPR) started two years before the regulation actually came into force in May 2018.

Some of our preparation can be explained as follows: we evaluated over 700 IT systems and applications that hold personal data, analysed 4,400 suppliers, amended more than 850 contracts and documented over 450 personal data processing activities.

But much of the story is about people, and we’ve also trained 19,000 of our UK staff on GDPR. Our belief is that the safeguarding of data, including personal data, is the responsibility of all partners, staff and contractors of PwC. In addition to privacy and data protection legislation, we have a professional obligation to our staff, clients and other third parties to keep information secure, protect it from unauthorised access and comply with relevant regulations and policies.

Our internal programme was much more than just an awareness exercise. It was aimed at establishing improved cultural norms, values, beliefs and behaviours that relate to data protection across PwC. We launched a campaign to encourage staff to ‘Minimise, Anonymise, Secure and Delete’ personal data. That paved the way to establishing a new mindset around data that would become a normal way of working, well beyond the new regulation actually going live.

Tom Riddell-Webster, Data Protection Officer, PwC UK

The steps we’ve taken

We’ve helped the firm prepare for GDPR by:

  • updating our policies, contract templates, and agreements with clients and suppliers to reflect the new legal requirements under GDPR;

  • training our people, and embedding good data handling practices and behaviours, and helping individuals understand their role in ensuring the firm acts in a way that is compliant with the principles of GDPR;

  • reviewing our IT systems, policies and governance with a view to implementing technical and organisational measures designed to protect personal data in our possession;

  • reviewing our third parties and their level of GDPR compliance;

  • identifying and documenting all personal data processing activities; and

  • updating our incident response and data subject rights processes.

Watch our video on how we prepared our people for the new GDPR regulation.
