Deloitte Privacy Programme
Data is a company's greatest asset
The European Union has adopted the General Data Protection Regulation (GDPR) directly effective as of May 2018, which applies to all data handling within the EU and the handling of all personal data of EU citizens.
The new regulation affects several of a company's functional areas; therefore data handling may not be regarded as merely a legal challenge in the future. A close cooperation of the individual functional areas will be necessary for GDPR compliance, and its implementation is a key strategic issue.
GDPR in one minute
Deloitte Privacy Programme
Data is a company's greatest asset. Not only does the Deloitte Privacy Programme help your company avoid a penalty of up to EUR 20,000,000, but it also exploits business opportunities hidden in the otherwise necessary reconsideration of the data handling unit. Our service is an efficient response to the complex challenges posed by GDPR, it improves the data flow between the individual functional areas, and ensures that by 2018 your company is prepared to face the radical changes of the regulatory environment.
See how we can assist you:
Get in touch with our experts!
Ask for consultation
Functional areas concerned
Assessment of high level directions and risk appetite on which to build the data protection organisation is a strategic task. Also, the data protection organisation needs to be built in practice, which -- in addition to the theoretical framework -- may need material and other resources.
Communication, training, awareness
To ensure continuous compliance with GDPR, it is essential to build a culture of company level awareness. Employees need to learn about the new GDPR requirements, which requires the development of complex educational and internal communication processes.
Data protection operation
Data protection must be involved in project methodology as a key issue. Entities must enforce practical data protection measures in the concept development of new or modified products. With a view to a sustainable data protection organisation, companies need regular impact assessments as well as information about audit and certificate options.
A strong and extensive data protection organisation must be established. Concept development includes defining positions and roles of key players (data protection officer), as well as the development of accountability pertaining to data protection.
Processes, guidelines, data management, data transfer
Partner relationships with regard to data protection must be developed in cooperation with business areas. The development and implementation of these processes may pose challenges to companies (access rights, data protection, data infringement reporting), and handling these challenges are key to compliance.
Data processing inventory
The data processing inventory is a key element of the data protection programme, which must be established for GDPR compliance.