Privacy & data protection

Maximise your use of data

Our services allow you to make maximum use of data within your databases and systems, in full confidence that you are in compliance with data privacy regulations.

Privacy governance

We can help your business build an organizational structure to tackle the planning and oversight of initiatives, actions and controls relevant to personal data and the protection of information in an organized way. Key elements taken into account when designing such governance structure are, amongst others, budget and resources available, the structure of services in the company, the (inter)dependencies existing between different departments of the company or between affiliates (in the case of multinational entities) and so on.

Design of privacy program

Our experts can assist you in building your company’s privacy program and help you to be prepared to duly demonstrate compliance with data protection requirements. 

Privacy impact assessments

Are you planning a new activity which involves the processing of personal data or do you want to change an existing one? Deloitte’s privacy experts can assess whether such initiative could entail a privacy risk and if yes, which would be the best way to address this right from the start of the project.

Data protection compliance assessments

Deloitte uses risk assessment and gap analysis to provide you with a clear overview of data protection strengths and weaknesses and suggest remediation measures where required.

Data mapping

Designed as a high-level scanning of all the data collected and processed within your organization or as a more in-depth scrutiny of data flows in certain departments or services, data mapping helps you understand the data handling practices within your organization, the means used to process information and the controls in place to protect it.

Privacy helpdesk services

You don’t have the in-house experience or available staff to respond to your privacy questions? Deloitte offers a “help desk” that, in principle, will efficiently answer any practical or legal questions you may have about privacy, ranging from issues around notification requirements through reviews of contractual clauses with your service providers or the identification of special requirements on a specific subject in a country. 

Notifications (registrations) to the Data Protection Authorities

We help your organization with the obligation to notify data processing activities and operations to the local Data Protection Authority. The service includes identifying relevant notification requirements applicable to your company, designing the notification approach, drawing up and submitting the relevant notifications and if your company desires to do so, building a notifications maintenance program to ensure that notifications’ work is appropriately monitored and managed over time. The geographies covered are all countries in Europe and all other jurisdictions outside Europe that have implemented a duty to submit notifications to the competent authorities.

Drafting and reviewing privacy policies

Does your company want to implement future-proof privacy policies and internal rules or do you want to stress-test your existing ones? Our legal team will draft the corresponding documents or review and amend existing ones. The documentation in scope could range from the design of privacy policies as such, to the review of in-house implementing procedures, guidelines, contracts, check lists and more.

Data incident procedure implementation

Do you want to be prepared when an incident happens? Deloitte will prepare an easy-to-use step plan that will serve as a guide and ensure incidents are reported and followed-up on in a timely manner. 

Access request procedure implementation

Employees, customers and business partners may submit queries on how to exercise their right to access and (re)view information you keep about them or other queries and complaints relevant to how your company handles their personal information. We can help you design a procedure to effectively manage such queries, keep track of them and address them efficiently over time in compliance with local laws and best practices.  

Privacy training

Do you want to enhance general data protection awareness or do you need training on specific privacy matters? Deloitte offers training programs that are tailored to your company’s business environment. 

European Privacy Academy

open in new window Discover more

Cross-border solutions

Does your company’s structure require you to transfer information across borders? Deloitte offers advice on the solutions that allow you to do this in a compliant way and helps you to implement the most pertinent one considering the types of data involved, the risks entailed, the jurisdictions and business areas concerned, etc. ...

Third party management

Our Deloitte professionals help you design a rationalized process to keep the providers with whom you share personal and/or other business sensitive information under control and help monitor third parties’ compliance over time. This service includes, if necessary, the drafting of standard provisions or evaluation forms to ensure that appropriate (pre)contractual requirements are appropriately addressed in the procurement phase or during the negotiation of the services agreements with your providers.  

Data retention policy implementation

We advise you on data retention and archiving requirements applicable in your country and help you design or review a data retention/archiving program for the whole organization or specific departments, taking into account existing procedures and IT applications in place, cooperation with third parties and technological solutions available. 

Get in Touch

Erik Luysterborg

Erik Luysterborg

Partner, Risk Advisory

Erik leads the Security & Privacy group as well as the European Data Protection & Privacy service line. He deals with security and privacy issues related to both traditional (out) sourcing as well as ... More