Personal data and GDPR matters
“Personal data protection has been increasingly scrutinized by Russian and European regulators. Tougher penalties for personal data breaches in Russia along with the adoption and wide enforcement of the GDPR in the EU make personal data services an important part of compliance services.”
Ekaterina Portman, Director of Deloitte Legal, Head of Data Protection Practice of Deloitte CIS
Why Deloitte Legal?
- A global network of professionals. Our team is part of Deloitte’s global network of companies, which enables us to implement complex international projects and engage international and local personal data protection professionals in Europe, Asia, and other regions.
- Comprehensive solutions. We integrate the expertise of our specialists across various disciplines (such as taxes, IT, risk management, finance) to suit the specific requirements of each project.
- Extensive experience. Deloitte Legal was among the pioneers of personal data protection compliance. Our clients include major banking conglomerates and industrial companies.
- Qualifications. Most specialists in our team are members of the International Association of Privacy Professionals (IAPP). We have CIPP/E-certified lawyers, recognized by the leading international rankings (such as Best Lawyers).
Who can benefit from our insights
Personal data protection is important to all companies processing personal data of their clients, employees and their family members, and third parties (such as users of the company’s websites, web platforms, and applications).
Personal data protection laws set higher compliance requirements for:
- owners of websites or online interfaces, where users enter their personal data
- online marketplaces
- owners of call centers and concierge services
- member companies of international holding groups, engaged in intra-group data transfer that is subject to the GDPR requirements
- companies processing biometric and special categories of personal data.
How we can help
Deloitte Legal offers a wide range of data protection services, enabling its customers to implement high-level compliance systems for personal data protection, which adds to their reputation and strengthens customer confidence.
We provide the following services to ensure compliance with Federal Law No. 152-FZ and the GDPR:
- comprehensive review of personal data processing, including:
  - identification of processed personal data (PD), PD subjects, the location, means, and methods of data processing, and individuals with access to PD
  - interviews with employees to understand how PD are being processed
  - review of websites, online services, and applications to verify compliance with the PD legislation
  - review of corporate PD-protection guidelines and policies
  - review of contractual arrangements for PD processing or transmission.
- review of GDPR applicability
- verification of compliance with 152-FZ and the GDPR; risk mapping and advice on mitigating the identified risks
- development of an action plan and roadmap to align the existing processes with 152-FZ and the GDPR requirements
- development of intragroup or intracompany PD flowcharts
- drafting of notifications of PD processing, GR support
- drafting of internal documentation in line with 152-FZ and the GDPR
- workshops for employees dealing with PD; raising employees’ awareness of the key PD processing principles and PD confidentiality, and preparation of internal informational materials.