Appropriate processing and securing of personal data is a requirement for trustworthy operation. Neglecting privacy compliance may have severe consequences for an organisation’s business in terms of reputation and trust, and may also result in financial losses.
We provide expert support for the management and administration of privacy, the development of privacy-related matters and the maintenance and development of compliance. We also help you identify, evaluate and manage privacy risks. Together with our legal services, we assist you with the implementation of impact assessments (PIA/DPIA) and with legal privacy issues.
According to the EU General Privacy Regulation (GDPR), the processing of all personal data must be legitimate, purpose-specific and risk-based. The register controller is also accountable for the compliance and continuous development of the processing. Operation must take into consideration privacy by default and privacy by design. Customers also have the right to know about the processing of their personal data and to have access to it. Good privacy compliance consists of appropriate protection of personal data with regard to the responsibilities of the register controller or data processor and the data subject’s rights.
Building cost-efficient privacy is based on protection mechanisms selected through risk evaluation that fulfil the obligations of privacy legislation. The protection mechanisms form a control reference framework that consists of controls, their goals and the results of the implemented controls. We help organisations create a control reference framework and develop their operations in accordance with it.
Do you want to be sure that your operation is compliant with privacy requirements? ISAE 3000/GDPR assurance is a risk-based approach to demonstrating compliance with the EU General Privacy Regulation. The assurance audit and reporting follow a business-based model, because they take into consideration both compliance with GDPR and the privacy controls which have been designed and implemented in a risk-based manner. We provide assurance on the privacy controls of an organisation's services and processes by auditing and reporting against a globally known standard (e.g. ISAE 3000).
We also perform privacy-related internal audits and inspections that help an organisation develop its privacy management, operation and compliance. The service is also available as a continuous service when needed.
Do you know how an organisation is supposed to act when personal data has leaked outside the organisation without authorisation, accidentally or because of a security breach? Such personal data violations are an increasingly common challenge for organisations today. The challenge is complicated by the privacy regulation’s requirements for damage assessment and the strict deadlines for notifying the authorities.
We help organisations describe their privacy incident management process and practise the actions the process requires. We also support organisations when privacy violations occur and with reporting to the relevant authorities.
Director, Cybersecurity & Privacy Leader, PwC Finland
Tel: +358 (0)20 787 8844
Security and Privacy, PwC Finland
Tel: +358 (0)50 590 0662
Security and Privacy, PwC Finland
Tel: +358 (0)20 787 8127