How we can help

Our multidisciplinary team of specialists optimises your privacy and GDPR compliance with an end-to-end solution tailored to your unique business needs

Breach response support

A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed needs to be reported to the Data Protection Authority within 72 hours.

Our multidisciplinary team can assist your organisation with every phase of the breach response cycle.

We’ll work with you to:

  • Build a resilient breach response plan

  • Run a breach simulation workshop

  • Provide first response support in case of a breach

  • Reinforce your privacy programme after a breach response


Support to the Privacy Office and Data Protection Officer

The GDPR is a complex regulation that requires a broad area of skills. We combine our expertise in compliance, risk management, IT, cyber security, internal audit and legal to support the Privacy Office and Data Protection Officers in their day-to-day operations.

We can help you:


  • Build your GDPR vision and  strategy to maximise the value of your data
  • Develop your personal data policy and define impact on your personal data governance
  • Prepare for breach response


  • Execute a GDPR implementation and associated project management activities
  • Develop your cookie policy and privacy notice
  • Review and prepare your data processing agreements
  • Develop a privacy control and security framework
  • Build your data register


  • Execute Data Protection Assessments and Data Protection Impact Assessments
  • Manage access rights and traceability through Identity and Access Management (including your customers and third parties) 
  • Establish privacy by design and by default


  • Build GDPR awareness and provide privacy training and workshops to your organisation
  • Organise privacy audits to assist you in your privacy supervision role
  • Identify and assess compliance of private data held by your organisation

With new regulations come new requirements and new requests for your organisation's IT department, plus a marketing overload of potential solutions from vendors.

Auditing your privacy control programme

The GDPR requires that controllers use processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the GDPR.

Although the terms for a so-called GDPR seal are not yet defined, PwC can provide assurance over the effectiveness of your GDPR program. Data processors can use the audit expertise we provide to demonstrate to data controllers that they’re in control of their GDPR program.

Data controllers can also consider getting their GDPR program audited to provide assurance to data subjects that their personal information is well taken care of as a competitive advantage.


Auditing personal data through analytics reporting

Advice on Privacy Enhancing Technology (PET)

To anticipate challenges and to make informed decisions, PwC will help you define which technologies are needed, draft a roadmap and assist during implementation.

We can help you:

  • Draft the requirements and select the required technologies

  • Design an implementation roadmap with an eye for quick wins

  • Advise on the best-suited product(s) for your organisation

  • Assure quality during implementation

  • Manage projects or complex programs

Privacy by design: easy access to change privacy settings on mobile devices

Privacy by design and by default

An important consequence of the new regulation is to ensure that privacy is not an afterthought when designing a new process or IT system. The GDPR therefore mandates that from design and by default, privacy is protected in any new process, product or technological implementation.

The effects are far-reaching. Any new project or process must ensure that personal data is minimised and processed securely. This means that all new software and products that a company develops or buys must take these design principles into account. Consequently, the IT architecture landscape also needs to make sure that privacy is protected between applications.

We can guide you on:

  • Including privacy by design and by default in your project methodology

  • Including privacy by design and by default in your software development lifecycle

  • Reviewing / auditing software provided by third parties to check privacy by design and by default

  • Including privacy by design in your IT architecture principles

  • Assessing GDPR compliance of your products, applications and IT systems

Contact us

Pascal Tops

Pascal Tops

Partner Risk, Compliance & Cybersecurity, PwC Belgium

Tel: +32 473 91 03 68

Connect with PwC Belgium