Are you GDPR compliant and able to demonstrate accountability?

Data Protection Officers (DPOs) and data protection teams are typically responsible for setting standards for data protection and overseeing data protection risk management within organisations. We can provide you with the tools to carry out this oversight on an ongoing basis and assist you with demonstrating accountability.

Service areas

Gap analysis

Your challenges

  • Have you assessed the readiness of your organisation in relation to the GDPR?
  • Have you identified key stakeholders within the organisation?
  • Are you aware of the main GDPR-related risks for the organisation?
  • Have you identified the possible areas of improvement?
  • Have you prioritised the remediation steps of your GDPR compliance project in an actionable roadmap with manageable deadlines?

What does it include?

  • Comprehensive GDPR health-check of your organisation, whilst involving and training the key stakeholders;
  • Identification of risks by GDPR and data privacy experts;
  • Specific recommendations tailored to your organisation;
  • Detailed action plan adapted to your situation.

Key benefits

  • Timely assistance by a team of experts in the field;
  • Continuous communication with you throughout the project, ensuring alignment with ongoing projects;
  • Standardized and proven risk assessment approach throughout the organisation.

Key deliverables

  • Gap & risk identification report, including recommendations to address identified gaps;
  • Remediation roadmap ordered by importance of actions and estimated workload for completion, incl. identification of "low-hanging fruits".

Implementation assistance

Your challenges

  • Is the understanding of the GDPR sufficient to draft policies and procedures, covering all necessary areas?
  • Were you able to identify all personal data processing activities?
  • Do you have experienced resources available to implement your remediation plan?
  • How do you ensure a correct "roll-out" and "buy-in" of the implemented measures within the organisation?
  • How do you ensure proper change management in your organisation?

What does it include?

  • Application of best practices, fully adapted to your organisation;
  • Drafting of GDPR-related procedures and policies;
  • Assistance with change management.

Key benefits

  • Timely implementation by a team of experts in the field;
  • On-the-go training and continuous involvement of your stakeholders;
  • Enjoying flexibility and a tailored approach, aligned with your organisation's business objectives.

Key deliverables

  • GDPR-related policies and procedures;
  • Inventory of personal data processing activities (Art. 30);
  • Control framework for IT security;
  • GDPR monitoring tools.

DPIA completion

Your challenges

  • Have you correctly identified all personal data processing activities requiring a DPIA?
  • Do you have a proper methodology to conduct DPIAs?
  • Did you consider all mandatory steps of a DPIA?
  • Are you sure to have correctly assessed the corresponding risks?
  • Have you consulted the appropriate persons when conducting the DPIA?

What does it include?

  • An evaluation of processing activities requiring a DPIA;
  • Identification of the relevant risks;
  • Assessment of the risks and of the security measures in place, and evaluation of the remaining risks.

Key benefits

  • Timely performance of tasks by a team of experts in the field;
  • Involvement of and consulting the DPO at each step of the DPIA process;
  • Involvement of the personal data processing owners;
  • "Outsider" view of the organisation and risk assessment approach.

Key deliverables

  • Tailored DPIA methodology;
  • List of processing activities, where a DPIA is required;
  • Completed DPIAs, including risk assessments, evaluations and conclusions.

Training

Your challenges

  • Are the staff members aware of the GDPR, and its implications on their day-to-day job?
  • Do the staff members know what to do when they receive a complaint about data privacy?
  • Have you been following the best practices in the marketplace?
  • How can you efficiently train staff in various locations with the same level of interactivity?

What does it include?

  • Training sessions, covering all the key elements of the GDPR;
  • Real-life examples of GDPR in organisations, similar to yours, including, for example, a data breach assessment or a data subject request;
  • Feedback on the usual pain points of complying with data privacy.

Key benefits

  • Training sessions tailored to your business and organisational needs;
  • Delivered by experts in the field, with a long track record of successfully delivering GDPR training sessions;
  • Trainers who engage the participants, making the sessions interactive and leaving a long-lasting impact.

Key deliverables

  • Introductory to advanced training sessions, from new joiners and entry-level staff to C-level and board members;
  • Support material in English or French, highlighting the key elements of the regulation.

Operational testing of procedures

Your challenges

  • You have drafted GDPR-related policies and procedures, but do they cover all the necessary topics?
  • Are your data privacy policies and procedures properly enforced by all members of staff?
  • Will members of staff be able to tackle real-life situations, in accordance with your policies and procedures?
  • How well do you respect the 72-hour timeframe to report high-risk breaches to the CNPD?

What does it include?

  • Fully tailored simulation of "real-life" situations within your organisation, incl. data subject request and data breach;
  • Review of and recommendations on your internal GDPR documents (i.e. policies and procedures);
  • Potential improvements to your policies and procedures.

Key benefits

  • An "outsider" assessment of the enforcement of your data privacy framework;
  • Simulation of real-life cases prepared and assessed by a team of GDPR experts, designed around your activities;
  • A precise view of how your entity would withstand the test of a real data privacy event, data subject request or data breach.

Key deliverables

  • Thorough assessment of the operational readiness and application of your policies and procedures;
  • Detailed comments and recommendations on your GDPR-related documentation.

Contact us

Frédéric Vonner

Partner, Regulatory Advisory Services, PwC Luxembourg

Tel: +352 49 48 48 4173

Guy Brandenbourger

Partner, Industry & Public Sector, Healthcare Leader, PwC Luxembourg

Tel: +352 49 48 48 2386

Antonin Jakubse

Senior Manager, PwC Luxembourg

Tel: +352 49 48 48 4412
