Data Privacy at Deloitte
Complying with the General Data Protection Regulation (GDPR)
At Deloitte, we are committed to protecting the confidentiality, integrity and availability of our clients’ data and to protecting our people’s personal data as well as any personal data received by our clients.
We meet this commitment by enhancing our ability as an organisation to proactively identify, assess and mitigate significant risks in relation to security, confidentiality and privacy.
Deloitte is taking all necessary actions to ensure compliance with the GDPR. The global Deloitte network supports our activities in Norway and ensure consistency across the Deloitte network in complying with the requirements for data privacy where possible.
Deloitte’s approach to GDPR compliance is to work closely with our clients to ensure that collectively we comply with privacy requirements in connection with the provision of services.
We do not anticipate material changes or other negative impacts on our service delivery due to these regulatory changes.
Deloitte’s compliance with the requirements
Deloitte will continue to collect personal data in connection with our client engagements, if such data are necessary for our work and delivery of services. We expect that the process for collection of personal data in connection with servicing clients will remain the same from an overall perspective.
We wish to promote the importance of processing personal data in a safe manner, and encourage our clients to always encrypt e-mails containing special category personal data when sending this to Deloitte.
In relation to our clients, we will accept Data Processor Agreements (DPAs) covering engagements, where we are a data processor.. In relation to statutory audit, control procedures and other assurance engagements, we are data controllers and a DPA will not be relevant for these services.
We use cloud-hosting solutions provided by third party suppliers to store and process data, including personal data. We are negotiating appropriate data processing agreements (DPAs) with all our data service providers.