Data & Privacy - Privacy Transformation

Privacy Risk Assessments

Privacy Risk Assessments are a key element in focusing your efforts where they matter the most and something that is expected by the Data Authorities as standard.

Challenges

Organisations that do not know where their risks lie and how to mitigate them may face fines.

Despite adequate risk assessments being key to fulfilling the supervisory authorities’ accountability requirements and expectations, many businesses have not yet conducted a full risk assessment of their systems and processing activities.

As a result, businesses typically experience several challenges:

  • Gaps in understanding what the most high-risk processing activities in a business are;

  • A lack of mitigation of high-risk processing activities;

  • The potential risk of regulatory non-compliance due to a lack of accountability in processing as a result of insufficient risk assessments and documentation;

  • A lack of data protection impact assessments (DPIAs) or gaps in necessary DPIAs - another regulatory requirement of the GDPR;

  • Data subjects' rights may unknowingly be infringed due to a lack of overview of processing activities.

Our Privacy Team understands how these challenges can affect your business and is able to provide services to close these gaps and increase the understanding within your organisation as to where the risks lie and how to best mitigate them. We specialise in risk mitigation and can provide you with an assessment of the technical and legal implications.

Our approach

Deloitte is able to offer a proven method to ensure that your organisation has an in-depth understanding of data privacy risks throughout operations.

  1. Creation of a processing overview

    If a complete overview of data processing activities does not yet exist, Deloitte will create one in order to better ascertain how data flows within the business.

  2. Assessment and categorisation of processing activities

    All of the processing activities are risk-assessed and categorised by a privacy expert in order to gain a holistic view of where data processing risks lie within the business.

  3. Rating of risks

    Each processing activity and system is given a risk rating. The ratings provide an overview of data processing risks, set the priorities for the work to follow and serve as a key piece of evidence in demonstrating the accountability requirement of the GDPR.

  4. Mitigation of risks and road maps

    Based on these risk ratings, mitigation measures will be offered along with suggestions for the expected necessary resources to address them. Further, recommendations will be provided for whether to carry out a further Data Protection Impact Assessment (DPIA) on specific processing activities.

Why Deloitte?

Awarded market leaders

We strive to continuously lead the market in the area of cyber risk and security services. We are awarded and acknowledged by some of the most renowned institutions within the area of cyber, e.g. Gartner, ALM Intelligence and Forrester. In 2020, we were named global leader in Security Consulting Services for the 9th year in a row by Gartner.

Leading-edge technologies

We are committed to investing in innovation and emerging technologies to ensure that we are equipped with the latest tools to solve current and future challenges for our clients. Alliances with market-leading cyber vendors and groundbreaking startups around the world offer our clients access to a wide range of cyber-risk technologies and leading-edge technology innovation.

Global intelligence delivered locally

We have the largest professional services network in the world. Diversity across our cyber teams helps us work across the globe with a local and personal lens. We have over 8,600 dedicated cyber-risk service practitioners of which 1,300 are dedicated to Europe and the Middle East alone, ready to help our clients everywhere with any challenge.

End-to-end cyber-risk services

We cover every aspect of cyber risk — from advisory and implementation of strategic transformations to managed security services, product solutions and incident management. This enables us to deliver more resilient and silo-breaking solutions, taking the whole business chain into account. This helps our clients to leverage their potential and growth even more.

Reach out

For a greater understanding of risks within your business relating to personal data processing, please contact our team today.

We have gained extensive legal and technical expertise through hundreds of privacy assessments made in Denmark and abroad for businesses just like yours.

Tommaso Di Carlo

Senior Manager