General Data Protection Regulation (GDPR) | KPMG | IE
Share with your friends

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)

Helping organisations address their privacy challenges.

Helping organisations address their privacy challenges.

GDPR - Are you ready for the road ahead?

In 2016, the EU adopted the General Data Protection Regulation (GDPR), replacing the 1995 Data Protection Directive. The European Commission has said that 90% of Europeans say they want the same data protection rights across the EU, regardless of where their data is processed. The reform of EU data protection rules mean people have more control over their personal data and businesses benefit from a level playing field.

These changes, which came into effect in May 2018, reflect an increased focus by the European Commission on data protection. The GDPR means one set of rules for all companies operating in the EU, wherever they are based. The following steps outline some of the key areas you should consider to help you prepare for the road ahead.

1. Do your data and privacy processes demonstrate accountability?

The Accountability principle makes businesses responsible for demonstrating compliance with the GDPR.

Businesses must have confidence in their Data Protection Strategy in order to be able to demonstrate Accountability.

Our Privacy Management Framework addresses GDPR articles by design. It covers the twelve main categories covered by the data protection regulations and analyses your control framework.

2. Can you respond to a Data Breach?

Breach notifications are now mandatory in all member states where a data breach is likely to “result in a risk for the rights and freedoms of individuals”.

KPMG experts have developed breach management solutions to manage, report and minimise the impact of data breaches.

3. Do you maintain sufficient Records of Processing?

Businesses must record how and what types of personal data is captured, stored and processed.

We can support the creation and management of records of personal data processing activities. Our teams work with businesses to create consolidated Personal Data Registers.

4. Are your Third Party Processors and Joint Controllers prepared?

Businesses are required to review all contractual arrangements to understand where Personal Data is shared and stored and whether this data is ever transferred outside of the European Union.

We have developed a Data Processor Assessment Model to analyse and evaluate your business’ Third Party Processors and Joint Controllers. Our Model has been specifically designed to assess ‘Organisational and Technical’ security measures against six different domains of measurement, including data and privacy management.

5. Are you aware of the Data Subject right?

The GDPR gives Data Subjects several more rights, and therefore gives businesses additional responsibility when it comes to the processing of Personal Data.

KPMG can offer a technology enabled solution to meet your needs, increasing the efficiency for your business in managing and responding to Data Subjects rights requests. We provide solutions that supports key Data Subject Request activities, importantly integrating with your existing processes and technologies to increase efficiencies in responding to requests.

6. Are you safe from an attack on personal data?

The GDPR requires businesses to build data protection safeguards into their products and services from the earliest stages of development.

KPMG’s safeguard and control assessment helps businesses to identify gaps, risks and pinpoint areas of vulnerability within your business. Our teams create solutions to minimise risks as well as working with the business to implement these controls.

7. Do you need to complete Data Protection Impact Assessments?

The GDPR introduces a new obligation to conduct a Data Protection Impact Assessment (DPIA) before carrying out new processing activities. It helps businesses to identify and address the data protection risks of any new processing activities undertaken.

KPMG offers deep expertise and support to businesses through the process of completing DPIAs, and assessing the effectiveness of privacy controls.

8. Have you prepared your employees?

Without data privacy training, there is a risk that employees may not handle personal data in line with the regulations.

Our teams have experience in cultural change and transformation and can help make data protection a high priority issue in your organisation.

For more information, download our brochure. (PDF, 675KB)


Contact us

If you would like to discuss the most efficient and compliant implementation processes to suit your needs please get in touch with our team. 

Connect with us


Request for proposal



Contact us