Why is it important?

The General Data Protection Regulation (GDPR), without doubt, has introduced the most dramatic change to data privacy and governance in recent years. GDPR, which came into force on 25 May 2018, requires all companies with EU personal data subjects, to transform their data collection, processing, storage, deletion and transfer practices to comply with the new regulation. The key issue for business is to assess the effect of GDPR on their operations, reveal the gaps and develop control measures to mitigate or eliminate them. GDPR compliance is a challenge for every business as it combines technology, processes and governance, under one compliance framework.

How we can help 

KPMG has its own proven methodology on the conduct and management of privacy assurance engagements. We offer legal, organisational and technological support, to help you meet the obligations imposed by GDPR. KPMG’s risk-based assessment approach allows us to reveal the most critical GDPR issues for your company’s business, identify any weaknesses and associated risks, and develop a set of recommendations to overcome inconsistencies and compliance issues. Our experience developing internal GDPR documentation and conducting GDPR reviews against regulatory requirements, allows our experts to focus on the key issues, in the most effective and efficient way.

What we do 

• We provide consulting services on compliance with GDPR requirements.
• We conduct independent assessments of the current state of personal data protection and provide recommendations for ensuring compliance with GDPR requirements.
• We provide support for the implementation of personal data protection requirements, including the development of internal regulations, policies and procedures, and technical requirements.
• We provide support for the development of documentation packages that meet the requirements of the regulations.
• We conduct workshops and training on personal data protection.
• We conduct independent assessment and knowledge checks of employees understanding of their responsibilities with regard to personal data protection.

What you get 

Our flexible approach to the implementation of data privacy assurance engagements, means that our Clients receive a set of services specifically tailored to their needs. We provide assistance in the identification of processes and data sets that may be subject to GDPR, and in the development of an appropriate set of control measures to ensure compliance. With the help of an individually developed road map, our Clients have the opportunity independently, or with KPMG's support, to monitor and assess their level of compliance with GDPR requirements. Development and delivery of training programmes on personal data protection helps our clients acquire the knowledge and skills necessary to be sure that they achieve compliance with the requirements of GDPR.