Privacy & Compliance

Appropriate processing and securing of personal data is a requirement for trustworthy operation. Neglecting the compliance that privacy legislation requires may have severe consequences for an organisation’s business in terms of reputation and trust, and may also result in financial losses.

Development and evaluation of privacy compliance

We will provide you with expert support for the management and administration of privacy, development of privacy-related issues and the maintenance and development of compliance. We will also help you with the identification, evaluation and management of privacy risks. We will assist you with the implementation of impact assessments (PIA/DPIA) and legal privacy issues together with our legal services.

New ways of thinking about cybersecurity and privacy

Forward-thinking business leaders can make cybersecurity a powerful advantage, propelling their organizations forward.


According to the EU General Data Protection Regulation (GDPR), all processing of personal data must be lawful, purpose-specific and risk-based. The register controller is also accountable for the compliance and continuous development of the processing. Operation must take privacy by default and privacy by design into consideration. Customers also have the right to know how their personal data is processed and to have access to it. Good privacy compliance consists of appropriate protection of personal data with regard to the responsibilities of the register controller or data processor and the rights of the data subject.

Creation and development of a security and privacy control framework

Building cost-efficient privacy is based on protection mechanisms selected through risk evaluation that fulfil the obligations of privacy legislation. The protection mechanisms form a control reference framework that consists of controls, their goals and the results of the implemented controls. We help organisations create a control reference framework and develop their operations in accordance with it.

Security and privacy auditing and ISAE/GDPR assurance

Do you want to be sure that your operation is compliant with privacy requirements? ISAE 3000/GDPR assurance is a risk-based approach to demonstrating compliance with the EU General Data Protection Regulation. The assurance audit and reporting follow a business-based model, because they take into consideration both compliance with GDPR and the privacy controls that have been designed and implemented in a risk-based manner. We provide assurance on the privacy controls of an organisation’s services and processes by auditing and reporting against a globally recognised standard (e.g. ISAE 3000).

We also perform privacy-related internal audits and inspections that help an organisation develop its privacy management, operation and compliance. The service is also available as a continuous service when needed.

Management of privacy violations

Do you know how an organisation is supposed to act when personal data has leaked outside the organisation without authorisation, whether accidentally or because of a security breach? Such personal data breaches are an increasingly common challenge for organisations today. The challenge is complicated by the privacy regulation’s requirements for damage assessment and the strict deadlines for notifying the authorities.

We help organisations define a privacy incident management process and practise the actions it requires. We also support organisations when privacy violations occur, including reporting to the relevant authorities.

Contact us

Jani Arnell

Director, Cybersecurity & Privacy Leader, PwC Finland

Tel: +358 (0)20 787 8844

Jörgen Jansson

Security and Privacy, PwC Finland

Tel: +358 (0)50 590 0662

Ari Suominen

Security and Privacy, PwC Finland

Tel: +358 (0)20 787 8127