Navigating the role of the Data Protection Officer

Life as a Data Protection Officer (DPO) can be challenging, with numerous tasks to complete and too few days in the week. Not only do you have to deal with day-to-day matters, but you are also responsible for strategy and governance, dealing with subject rights requests, internal reviews, assisting marketing and HR, and potentially, at some point, dealing with a breach! You may often feel stretched and in need of support. Don’t panic. Help is at hand. PwC has a range of services and support designed with your needs in mind.

Service areas

DPO function implementation and review

Your challenges

  • How is data privacy organised in your company?
  • Is your data privacy manager or DPO properly equipped to cope with the regulator's expectations?
  • How can you demonstrate accountability with GDPR on paper and in practice?
  • Have you assessed all data privacy risks?
  • Can you react in 72 hours should a data breach happen?


What does it include?


Depending on your requirements, we could provide you with:

  • A comprehensive GDPR health-check of your organisation, with risks identified by GDPR and data privacy experts, while involving and training the key stakeholders;
  • Specific recommendations tailored to your organisation including a detailed action plan adapted to your situation;
  • Drafting or review of GDPR-related procedures and policies;
  • Assistance with change management, including training sessions, covering all the key elements of the GDPR;
  • Identification and assessment of the relevant risks and the security measures in place, and evaluation of the remaining risks;
  • An evaluation of processing activities requiring a DPIA, and performance of those DPIAs;
  • Real-life examples of GDPR in organisations similar to yours, including, for example, a data breach assessment or a data subject request;
  • Fully tailored simulation of "real-life" situations within your organisation, incl. data subject request and data breach;
  • A complete scan of the data on your drives (structured and non-structured), including the identification of personal data which is no longer being used or which exists as copies created during the life cycle of the data;
  • Penetration tests simulating attacks from the internal network (malicious employee or third party, client in a meeting room, etc.), from the Internet targeting exposed infrastructure (public servers, etc.) or employees (phishing, etc.), or on mobile devices and mobile applications.


Key benefits

  • Timely assistance by a team of experts in the field;
  • Standardised and proven risk assessment approach throughout the organisation;
  • Tailored approach, aligned with your organisation's business objectives;
  • Simulation of real-life cases prepared and assessed by a team of GDPR experts, tailored to your activities;
  • A precise view of how your entity would withstand the test of a real data privacy event, data subject request or data breach;
  • Fully automated scan and classification of your storage within weeks;
  • Classification criteria completely adapted to your organisation;
  • Thorough reports covering access rights and classification categories, enabling you to assess the security measures in place;
  • Attacks can be fully tailored to your needs and expectations;
  • Tests are run in confidentiality, ensuring "real-life" simulations and results.


Key deliverables

  • Gap & risk identification report, including recommendations to address identified gaps;
  • Remediation roadmap ordered by importance of actions and estimated workload for completion, incl. identification of "low-hanging fruits";
  • GDPR-related policies and procedures;
  • Inventory of personal data processing (Art. 30), highlighting those requiring a DPIA;
  • Completed DPIA;
  • GDPR-awareness training sessions or e-learning;
  • Thorough assessment of the operational readiness and application of your policies and procedures;
  • Detailed comments and recommendations on your GDPR-related documentation;
  • Report of personal data usage, classification and access within your organisation;
  • Penetration test report (including main findings, recommendations to fix the discovered flaws and improve your security level).

Contact us

Frédéric Vonner

Partner, Regulatory Advisory Services, PwC Luxembourg

Tel: +352 49 48 48 4173

Guy Brandenbourger

Partner, Government and Public Sector Leader, Industry and PS deputy Leader, PwC Luxembourg

Tel: +352 49 48 48 2386

Antonin Jakubse

Senior Manager, Privacy, PwC Luxembourg

Tel: +352 62133 44 12
