Assurance Reporting for Privacy and Data Protection

Demonstrating appropriateness of design and operational effectiveness of your privacy and data protection controls

Service areas

ISAE 3000 attestation wrt. GDPR

Your challenges

  • You're looking for a way to respond to regulatory reporting requirements or presenting public claims of compliance?
  • You want to set yourself apart from competition and give customers the type of information they need to trust you
  • You intend to demonstrate your Corporate Social Responsibility and sustainability commitment to customers and employees.

What does it include?

  • An opinion from a knowledgeable third party of your internal controls supporting Data Privacy objectives on three dimensions: (1) design, (2) implementation, and (3) operating effectiveness, aligned with the CARPA framework developed by the CNPD.

Key benefits

  • Leading with trust, by embedding a governance and monitoring framework that promotes the right behaviours and improves information reliability;
  • Protection of your reputation by safeguarding your most important asset - your brand;
  • Enhanced internal controls and performance by using a world-known attestation mechanism

Key deliverables

  • An ISAE3000 assurance report on internal controls supporting data privacy objectives, aligned with the requirements of the CARPA framework.

CARPA certification (being developed by the CNPD)

Your challenges

  • You want to demonstrate your clients, employees and counterparts that you comply with the key principles of the GDPR?
  • You look to be ahead of competition and demonstrate your accountability with core data privacy principles?
  • You do business outside of Luxembourg and want to demonstrate your partners that you comply with you core requirements as to data privacy?

What does it include?

  • An opinion from a knowledgeable third party of your internal controls supporting Data Privacy using an ISAE3000 report;
  • A public certificate demonstrating your compliance with the core requirements of the GDPR.

Key benefits

  • An ISAE 3000 report focusing on areas you would define;
  • A recognition of your ongoing efforts to comply with data privacy requirements;
  • A certificate with EU-wide recognition.

Key deliverables

  • A certificate granted as per the CARPA framework (soon).

Contact us

Frédéric Vonner

Partner, Regulatory Advisory Services, PwC Luxembourg

Tel: +352 49 48 48 4173

Guy Brandenbourger

Partner, Industry & Public Sector, Healthcare Leader, PwC Luxembourg

Tel: +352 49 48 48 2386

Antonin Jakubse

Senior Manager, PwC Luxembourg

Tel: +352 49 48 48 4412

Stay Connected: