General Data Protection Regulation
GDPR Is Here – Now What?
Hero Description
GDPR consulting services help organisations identify common GDPR gaps and develop remediation plans
General Data Protection Regulation
Body
NEW: GDPR FAQ Guide
We are pleased to share our GDPR FAQ Guide, created in partnership with Robert Half and the multinational law firm Baker McKenzie to help organisations understand, prepare and operate under the GDPR. This guide covers the GDPR basics and focuses on critical areas such as third-party risk, data-privacy rights, consent management and privacy notices.
Protiviti designs holistic and comprehensive approaches to GDPR compliance, supporting privacy and security by design, assessing readiness, and helping businesses better understand their data-privacy posture. In addition, our compliance solutions cover people, processes and technologies to help drive sustainable and effective privacy programmes.
We will work with you to build your organisation’s GDPR programme, including consultation on the following:
- Regulation interpretation – analysis and advice
- Gap remediation with leading practises – including design and implementation of third-party risk, data-privacy rights, data governance and privacy notices
- Compliance solutions – people, process and technology execution for an effective cybersecurity and privacy programme
- Compliance management – monitoring and maintaining controls going forward.
We support clients during all stages of their GDPR compliance efforts. Our organisation integrates global consulting talent from different practises and backgrounds to provide you with a custom team to address your GDPR needs, including functional expertise from our Global Security and Privacy practise and our Data and Analytics teams and legal and privacy support from Robert Half Legal.
Watch our video: What is next around privacy programmes?
How Protiviti Can Assist:
- Discovery and Planning: Inventory of GDPR Data Sources with Their Criticality Template
- GDPR Gap Analysis and Results
- Compliance Roadmap and Supporting Report
- Gap Remediation: Remediate and Implement Solutions
- Post-Regulation Date: Assessing Controls in Place or Maintaining Controls That Have Been Implemented
- Global Capabilities to Deliver GDPR Expertise for Clients
“Protiviti did a great job in helping us to address the privacy challenge with a very strong risk-based approach and had a very pragmatic blended team that provided us several valuable solutions and very effective change management communication materials to address all the organisational and technology impacts required by new privacy regulations.”
– Compliance Officer, top listed global manufacturing company
Key Partners
Insights
2019 Vendor Risk Management Survey
Video: GDPR - What next for privacy programmes
The Cybersecurity Imperative: Managing Cyber Risks in a World of Rapid Digital Change
FAQ: Understanding the General Data Protection Regulation
Protiviti assists organisations in achieving clarity and compliance around privacy risk governance programmes, including GDPR. We help companies understand the impacts of regulatory requirements, assess and remediate processes and technologies and implement changes to achieve and maintain compliance. Our approach to GDPR compliance includes:
Discovery: Identify high-risk areas to ensure a focused approach
- Identify and inventory EU personal data including classification level, data controller, processor and exchanges
- Formal inventory of processing activities
Manage: Determine exposure and prioritise compliance activities
- Assess data collection, processing and storage, and protection measures
- Assignment of a Data Protection Officer transfers to third parties, risk assessment practise and security policies
Protect: Implement changes to achieve compliance
- Obtain executive management support and funding
- Establish compliance programme structure and governance
- Identify compliance strategies
- Implement remediation plans
Report: Provide evidence of accountability and compliance
- Maintain required documentation
- Testing and validation
- Implementation of monitoring tools and processes
- Manage data requests and breach notification