Navigating the role of the Data Protection Officer

Life as a Data Protection Officer (DPO) can be challenging, with numerous tasks to complete and too few days in the week. Not only do you have to deal with day-to-day matters, but you are also responsible for strategy and governance, dealing with subject rights requests, internal reviews, assisting marketing and HR, and potentially, at some point, dealing with a breach! You may often feel stretched and in need of support. Don’t panic. Help is at hand. PwC has a range of services and support designed with your needs in mind.

Service areas

DPO function implementation and review

Your challenges

  • How is data privacy organised in your company?
  • Is your data privacy manager or DPO properly equipped to cope with the regulator's expectations?
  • How can you demonstrate accountability with GDPR on paper and in practice?
  • Have you assessed all data privacy risks?
  • Can you react in 72 hours should a data breach happen?


What does it include?


Depending on your requirements, we could provide you with:

  • Comprehensive GDPR health-check of your organisation, whilst involving and training the key stakeholders and identification of risks by GDPR and data privacy experts;
  • Specific recommendations tailored to your organisation including a detailed action plan adapted to your situation;
  • Drafting or review of GDPR-related procedures and policies;
  • Assistance with change management, including training sessions, covering all the key elements of the GDPR;
  • Identification and assessment of the relevant risks, security measures in place and evaluating the remaining risks;
  • An evaluation of processing activities requiring a DPIA and performing them;
  • Real-life examples of GDPR in organisations, similar to yours, including, for example, a data breach assessment or a data subject request;
  • Fully tailored simulation of "real-life" situations within your organisation, incl. data subject request and data breach;
  • A complete scan of your drives (structured and non-structured) data including the identification of personal data which is no longer being used or which exist as copies created during the life cycle of the data;
  • Attacks from the internal network (malicious employee/ third party, client in a meeting room, etc.), from the Internet, targeting exposed infrastructure (public servers, etc.) or employees (phishing, etc.) or on mobile devices and mobile applications.


Key benefits

  • Timely assistance by a team of experts in the field;
  • Standardized and proven risk assessment approach throughout the organisation;
  • Tailored approach, aligned with your organization's business objectives;
  • Simulation of real-life cases prepared and assessed by a team of GDPR experts, designed to your activities;
  • A precise view of how your entity would withstand the test of a real data privacy event, data subject request or data breach;
  • Fully automated scan and classification of your storage within weeks;
  • Classification criteria completely adapted to your organisation;
  • Thorough reports, covering access rights, classification categories enabling to assess the security measures in place;
  • Attacks can be fully tailored to your needs and expectations;
  • Tests are run in confidentiality, ensuring "real-life" simulations and results.


Key deliverables

  • Gap & risk identification report, including recommendations to address identified gaps;
  • Remediation roadmap ordered by importance of actions and estimated workload for completion, incl. identification of "low-hanging fruits";
  • GDPR-related policies and procedures;
  • Inventory of personal data processing (art.30), highlighting these requiring a DPIA;
  • Completed DPIA;
  • GDPR-awareness training sessions or e-learning;
  • Thorough assessment of the operational readiness and application of your policies and procedures;
  • Detailed comments and recommendations on your GDPR-related documentation;
  • Report of personal data usage, classification and access within your organisation;
  • Penetration test report (including main findings, recommendations to fix the discovered flaws and improve your security level).

Contact us

Frédéric Vonner

Partner, Regulatory Advisory Services, PwC Luxembourg

Tel: +352 49 48 48 4173

Guy Brandenbourger

Partner, Industry & Public Sector, Healthcare Leader, PwC Luxembourg

Tel: +352 49 48 48 2386

Antonin Jakubse

Senior Manager, PwC Luxembourg

Tel: +352 49 48 48 4412

Stay Connected: