Data Protection - KPMG Luxembourg

Data Protection

Control how personal information is used so as to ensure compliance with regulations and public trust.

The European Commission has finalised the text of the General Data Protection Regulation (GDPR), which will come into force in 2016. This new legislation is the most dramatic change in privacy and data protection regulation in decades. This regulation was the result of more than four years of deliberations and negotiations and will have an impact on organisations worldwide. The GDPR requires organisations to fundamentally change how they approach data protection.

Requirements for data privacy and information security are increasing globally, which leads to complex compliance specifications. Where these issues once affected only international companies, medium-sized and even small enterprises, as well as the public sector, must now keep an eye on them. We are here to assist our clients in meeting these increasing demands.


How we can help - our services include, but are not limited to:


  • Data Privacy: In this context, we provide clients with thorough data protection assessments, the identification of applicable regulation requirements for their organisation, the development of an understanding of notice, the right to assent to change and disclosure practices, assistance with developing an effective privacy program, as well as the identification and classification of sensitive customer information. Additionally, our service includes developing data access policies, designing data access processes and security controls, establishing a roadmap and scorecard to facilitate ongoing monitoring and continuous improvement of the privacy program, and identifying response protocols and processes for actual breaches.
  • Privacy Impact Assessment: We assess our clients' privacy programs for newly implemented IT systems, changes in IT systems, and IT development.
  • Identity and Access Management: Our services include logical access controls, monitoring, information disclosure and disposal, controls, physical access controls, third-party service providers, data encryption, ISO 27001 assessment, data integrity/change control, transaction and data flow analysis, and dual control procedures.
  • Information Security Officer / Data Privacy Officer support: We help our clients with GDPR-related assessment of roles and qualifications and the assessment of outsourcing to service organisations.
  • Cloud Computing: We provide clients with cloud maturity, governance, and control as well as security assessments. 


For queries please contact:

Estefania Rizzo
Director, Audit
Information Risk Management
Phone: +352 22 51 51 7912
