Being privacy friendly while outsourcing in light of the forthcoming EU Regulation

While outsourcing remains important for business, we see many companies struggling to determine what, if any, part of their operation they can outsource, and to which suppliers. Protecting personal data is often put forward as a barrier that hinders or delays successful outsourcing. Overcoming this barrier is often beyond companies due to the inherent complexity.

Failure to implement privacy and data protection correctly can result in severe legal, economic and reputational penalties. Legal consequences in Europe have ranged from liabilities and fines to a ban on processing personal data. We also see that the costs of reactive restoration and mitigation following a privacy incident are significantly higher than proactive privacy investments. Most importantly for companies is that privacy incidents lead to a loss of customer trust, resulting in reduced business or customers opting instead for a competitor’s service. In the worst cases we have seen boycotts by customers until privacy omissions were corrected. So, how is the legal situation changing at the moment? What should an organization do in order to preserve the business case for outsourcing? What should be considered before outsourcing personal data?

This whitepaper provides you with some answers. It will show you Deloitte’s framework that can help your organization in succeeding with outsourcing while staying privacy friendly.