A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed needs to be reported to the Data Protection Authority within 72 hours.
Our multidisciplinary team can assist your organisation with every phase of the breach response cycle.
We’ll work with you to:
Build a resilient breach response plan
Run a breach simulation workshop
Provide first response support in case of a breach
Reinforce your privacy programme after a breach response
The GDPR is a complex regulation that requires a broad range of skills. We combine our expertise in compliance, risk management, IT, cyber security, internal audit and legal to support the Privacy Office and Data Protection Officers in their day-to-day operations.
We can help you:
With new regulations come new requirements and new requests for your organisation's IT department, plus a marketing overload of potential solutions from vendors.
The GDPR requires that controllers use processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the GDPR.
Although the terms for a so-called GDPR seal are not yet defined, PwC can provide assurance over the effectiveness of your GDPR programme. Data processors can use the audit expertise we provide to demonstrate to data controllers that they’re in control of their GDPR programme.
Data controllers can also consider having their GDPR programme audited, as a competitive advantage, to assure data subjects that their personal information is well taken care of.
To anticipate challenges and to make informed decisions, PwC will help you define which technologies are needed, draft a roadmap and assist during implementation.
We can help you:
Draft the requirements and select the required technologies
Design an implementation roadmap with an eye for quick wins
Advise on the best-suited product(s) for your organisation
Assure quality during implementation
Manage projects or complex programmes
An important consequence of the new regulation is that privacy can no longer be an afterthought when designing a new process or IT system. The GDPR therefore mandates that privacy is protected by design and by default in any new process, product or technological implementation.
The effects are far-reaching. Any new project or process must ensure that personal data is minimised and processed securely. This means that all new software and products that a company develops or buys must take these design principles into account. Consequently, the IT architecture landscape also needs to make sure that privacy is protected between applications.
We can guide you on:
Including privacy by design and by default in your project methodology
Including privacy by design and by default in your software development lifecycle
Reviewing / auditing software provided by third parties to check privacy by design and by default
Including privacy by design in your IT architecture principles
Assessing GDPR compliance of your products, applications and IT systems