Since the introduction of the General Data Protection Regulation (AVG or GDPR), organizations have been confronted with strict requirements with regard to the processing and protection of personal data. The Dutch Data Protection Authority expects accountability and transparency in this area. Other stakeholders must also be able to trust you to treat their personal data responsibly, in accordance with the legislation and regulations. In order to gain stakeholders' trust that you manage personal data responsibly, you must be able to demonstrate compliance with applicable legislation and regulations.
Since the announcement of AVG / GDPR, many organizations have focused mainly on complying with the new regulations. This is a sensible approach, because non-compliance with the AVG / GDPR can result in financial penalties and reputational damage. At the same time, organizations are missing the opportunity to add value: demonstrably handling personal data with care enables building trust and encourages people to do business with you. In this way, data privacy becomes both an opportunity and a competitive advantage.
Depending on your needs and the nature of your organization, we can help you to structurally improve and control your data and privacy protection. For example, we can prepare your organization for certification of your privacy information management system or issue an assurance statement. This validation will give your internal and external stakeholders confidence that you are compliant and in control.
We are aware that being compliant with laws and regulations adds to the compliance burden and costs for organizations. Considering this, we can advise you on the use of technology and tools to make your compliance processes more efficient.
To map your current level of AVG / GDPR compliance, we are able to perform a quick scan. The quick scan provides an analysis of the current and desired situation and recommendations to improve the degree of compliance. The quick scan has an engagement period of one to two weeks.
The current level of compliance will be assessed based on the most important AVG/GDPR principles. This includes: data privacy governance (who has access to what), transparency of your data processing, principles for collecting data, application of the principle of data minimization (only collecting required data) and especially your ability to demonstrate your compliance with the law to your stakeholders.
If you already have a good view of your current and desired level of AVG / GDPR compliance, you can opt for a more detailed and in-depth assessment. This assessment helps you to improve confidence about the steps you have taken to achieve compliance. In addition, it can also help you to prepare for AVG/GDPR certification, which demonstrates your compliance to external stakeholders. The Trust Readiness Assessment has an average engagement period of three to five weeks.
We use different frameworks to assess the privacy maturity level of your organization. We have designed a best practice framework ourselves, but we can also use the NOREA Privacy Control Framework. Our Trust Readiness Assessment results in a report with detailed findings, risks and recommendations to reach the desired level of maturity.
We offer a data privacy assurance program for organizations that have already effectively implemented AVG / GDPR and that would like to provide trust and confidence to their stakeholders.
Together with you, we determine the scope of the audit, the number of tests that we carry out and the test methods. We can provide an assurance statement based on an independent standard framework, for example the Privacy Control Framework of the NOREA, or a self-developed control framework that meets the same standards.
© 2015 - 2021 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.