Privacy

Discover our services:

Operational readiness

Gap analysis

Your challenges

  • Have you assessed the readiness of your organisation in relation to the GDPR?
  • Have you identified key stakeholders within the organisation?
  • Are you aware of the main GDPR-related risks for the organisation?
  • Have you identified the possible areas of improvement?
  • Did you prioritise the remediation steps of your GDPR compliance project in an actionable roadmap with manageable deadlines?

What does it include?

  • Comprehensive GDPR health-check of your organization, whilst involving and training the key stakeholders;
  • Identification of risks by GDPR and data privacy experts;
  • Specific recommendations tailored to your organisation;
  • Detailed action plan adapted to your situation.

Key benefits

  • Timely assistance by a team of experts in the field;
  • Continuous communication with you throughout the project, ensuring alignment with ongoing projects;
  • Standardized and proven risk assessment approach throughout the organisation.

Key deliverables

  • Gap & risk identification report, including recommendations to address identified gaps;
  • Remediation roadmap ordered by importance of actions and estimated workload for completion, incl. identification of "low-hanging fruits".


Implementation assistance

Your challenges

  • Is the understanding of the GDPR sufficient to draft policies and procedures, covering all necessary areas?
  • Were you able to identify all personal data processing activities?
  • Do you have experienced resources available to implement your remediation plan?
  • How do you ensure a correct "roll-out" and "buy-in" of the implemented measures within the organisation?
  • How do you ensure proper change management in your organisation?

What does it include?

  • Application of best practices and adapting them fully to your organisation;
  • Drafting of GDPR-related procedures and policies;
  • Assistance with change management.

Key benefits

  • Timely implementation by a team of experts in the field;
  • On-the-go training and continuous involvement of your stakeholders;
  • Enjoying flexibility and a tailored approach, aligned with your organisation's business objectives.

Key deliverables

  • GDPR-related policies and procedures;
  • Inventory of personal data processing (art.30);
  • Control framework for IT security;
  • GDPR monitoring tools.


DPIA completion

Your challenges

  • Have you correctly identified all personal data processing activities requiring a DPIA?
  • Do you have a proper methodology to conduct DPIAs?
  • Did you consider all mandatory steps of a DPIA?
  • Are you sure you have correctly assessed the corresponding risks?
  • Have you discussed with the appropriate persons when conducting the DPIA?

What does it include?

  • An evaluation of processing activities requiring a DPIA;
  • Identification of the relevant risks;
  • Assessment of the risks and the security measures in place, and evaluation of the remaining risks.

Key benefits

  • Timely performance of tasks by a team of experts in the field;
  • Involvement and consultation of the DPO at each step of the DPIA process;
  • Involvement of the personal data processing owners;
  • "Outsider" view of the organisation and risk assessment approach.

Key deliverables

  • Tailored DPIA methodology;
  • List of processing activities for which a DPIA is required;
  • Completed DPIAs, including risk assessments, evaluations and conclusions.


Training

Your challenges

  • Are the staff members aware of the GDPR, and its implications on their day-to-day job?
  • Do the staff members know what to do when they receive a complaint regarding data privacy?
  • Have you been following the best practices in the market place?
  • How do you efficiently train staff located in various locations, with the same level of interactivity?

What does it include?

  • Training sessions, covering all the key elements of the GDPR;
  • Real-life examples of GDPR in organisations, similar to yours, including, for example, a data breach assessment or a data subject request;
  • Feedback on the usual pain points of complying with data privacy.

Key benefits

  • Training sessions tailored to your business and organizational needs;
  • Delivered by experts in the field, having a long track record of successfully delivering GDPR training sessions;
  • Trainers who engage the participants, making the sessions interactive, leaving a long lasting impact.

Key deliverables

  • Introductory to advanced training sessions, from new joiners and entry-level staff to C-level and board members;
  • Support material in English or French, highlighting the key elements of the regulation.


Operational testing of procedures

Your challenges

  • You have drafted GDPR-related policies and procedures, but do they cover all the necessary topics?
  • Are your data privacy policies and procedures properly enforced by all members of staff?
  • Will members of staff be able to tackle real-life situations, in accordance with your policies and procedures?
  • How well do you respect the 72-hour timeframe to report high risk breaches to the CNPD?

What does it include?

  • Fully tailored simulation of "real-life" situations within your organisation, incl. data subject request and data breach;
  • Review and recommendations as per your internal GDPR documents (i.e. policies and procedures);
  • Potential improvements to your policies and procedures.

Key benefits

  • An "outsider" assessment of the enforcement of your data privacy framework;
  • Simulation of real-life cases prepared and assessed by a team of GDPR experts, tailored to your activities;
  • A precise view of how your entity would withstand the test of a real data privacy event, data subject request or data breach.

Key deliverables

  • Thorough assessment of the operational readiness and application of your policies and procedures;
  • Detailed comments and recommendations on your GDPR-related documentation.


Privacy IQ

Your challenges

  • You have set up a comprehensive GDPR program and struggle to follow up on your compliance plan?
  • You want to follow up on your register of data subject processing, and its updates?
  • You identify your risks and look to record and monitor them?
  • You look for a centralized place to log in and follow incidents?
  • You wonder how to demonstrate your accountability with the GDPR?

What does it include?

  • Access to a web-based portal helping the management of most parts of your GDPR compliance programme, in project and BAU modes;
  • Time-efficient deployment tailored to your needs and situation;
  • Accelerators for a risk-based approach of GDPR.

Key benefits

  • A platform built on experience, by subject matter experts;
  • Scalable to your business;
  • Access to GDPR local expertise;
  • Use on a need-to-do basis, while accessing all modules.

Key deliverables

  • Access to the Privacy IQ platform.


Assurance

ISAE 3000 attestation with respect to the GDPR

Your challenges

  • You're looking for a way to respond to regulatory reporting requirements or to present public claims of compliance?
  • You want to set yourself apart from the competition and give customers the type of information they need to trust you.
  • You intend to demonstrate your Corporate Social Responsibility and sustainability commitment to customers and employees.

What does it include?

  • An opinion from a knowledgeable third party of your internal controls supporting Data Privacy objectives on three dimensions: (1) design, (2) implementation, and (3) operating effectiveness, aligned with the CARPA framework developed by the CNPD.

Key benefits

  • Leading with trust, by embedding a governance and monitoring framework that promotes the right behaviours and improves information reliability;
  • Protection of your reputation by safeguarding your most important asset - your brand;
  • Enhanced internal controls and performance by using a world-known attestation mechanism.

Key deliverables

  • An ISAE3000 assurance report on internal controls supporting data privacy objectives, aligned with the requirements of the CARPA framework.


CARPA certification (being developed by the CNPD)

Your challenges

  • You want to demonstrate to your clients, employees and counterparts that you comply with the key principles of the GDPR?
  • You look to be ahead of the competition and demonstrate your accountability with core data privacy principles?
  • You do business outside of Luxembourg and want to demonstrate to your partners that you comply with your core requirements as to data privacy?

What does it include?

  • An opinion from a knowledgeable third party of your internal controls supporting Data Privacy using an ISAE3000 report;
  • A public certificate demonstrating your compliance with the core requirements of the GDPR.

Key benefits

  • An ISAE 3000 report focusing on areas you would define;
  • A recognition of your ongoing efforts to comply with data privacy requirements;
  • A certificate with EU-wide recognition.

Key deliverables

  • A certificate granted as per the CARPA framework (soon).

 



Contact us

Frédéric Vonner

Partner, Privacy Leader, PwC Luxembourg

Tel: +352 49 48 48 4173
