As organisations seek to improve  customer experience, and secure the competitive advantage associated with brand trust, it is crucial they use consumer personal information assets in the most appropriate way.

With the increasing take-up of cloud computing, and the globalization of systems, processes, and supply chains, coupled with the proliferation of social media and mobile devices, more consumer data is being collected, retained, disclosed, and transferred around the world.

This, in addition to the constantly evolving nature of organisations due to mergers and acquisitions, organisational restructuring, new system implementations and the complex, changing legal and regulatory landscapes, has resulted in privacy becoming one of the tougher challenges currently facing organisations.

Considerations for executives

To minimise risks, and the amount of time it will take to meet new and evolving regulations, organisations first need to adopt a fresh mind-set on navigating the risk landscape. To accomplish this, the following should be considered:

1. Do I understand my organisation’s privacy obligations, risks, and if our compliance strategy is fit for purpose?
2. Am I making sound decisions and plans with regard to technology and business transformation initiatives involving personal information (e.g., customers and employees)?
3. Do I have a clear view of what personal information is being processed where, by who and for what purpose?
4. Am I confident in my organisation’s ability to detect and manage a data breach effectively?
5. Do I monitor both internal and third-party supplier compliance in respect of privacy and security?
6. How does regulation impact our enterprise operations and risk appetite?

How we can help

At KPMG in Bermuda, we have significant  experience supporting organisations, helping them to address their privacy challenges. Our professionals can adopt a structured and flexible approach to meet the needs of your business. The areas where we can add value, include:

• Assessments - Provide an independent assessment of current risk profile and how this compares to desired state.
• Design - Design a Privacy Compliance Program to meet requirements of legislation.
• Strategy - Develop a pragmatic privacy strategy and gain buy-in from senior management.
• Monitoring - Support you in maintaining your privacy control environment.
• Operations - Provide ongoing support and advice to assist you in operating your control environment.
• Implementation - Support the implementation of robust and sustainable processes, policies and controls to allow you to mitigate your privacy risk.

For more information on KPMG's Privacy services and how we can help, please contact us today.