GDPR compliance review

The GDPR has introduced requirements and challenges for legal functions and compliance functions. GDPR requirements change the way technologies are designed and managed. Documented data privacy risk assessments are required when implementing large new systems and technologies.

Many organizations need data protection officers (DPO) who play a key role in ensuring compliance. If the GDPR is not respected, organizations face high fines - up to 4% of global turnover. The repeated emphasis on organization responsibilities requires proactive, robust privacy management, requiring organizations to reconsider how they define privacy policies, to be understandable.

In the case of data security compromises, a notification must be sent to regulators within 72 hours, which means implementing procedures to respond to incidents. The concept of Privacy By Design has become a rule, and privacy impact assessments have become commonplace in organizations over the years. Organizations are expected to be more involved in data masquerading, pseudonymization and encryption.

Organizations must take steps to show that they know what data they have in possession, where they are stored, and who they share with, creating and maintaining an inventory of data processing activities. Data owners must work closely with privacy colleagues to ensure that all necessary safeguards are taken. A thorough inventory and information management system needs to be implemented.

How can Deloitte help?

• we assist our clients in achieving GDPR compliance

• we assist our clients in compliance with the provisions of the Law on Personal Data Protection

• we conduct a detailed GAP compliance analysis in relation to regulations with recommendations for improving.

Why Deloitte?

• local knowledge of the specifics of regulations
• a qualified team that includes legal, ICT and state experts
• more than 30 successful GDPR projects across Central Europe
• support at any stage in achieving GDPR readiness within your organization.