• 1000

Your challenges and how we support you

Data protection is in the public eye. National and international legal requirements are becoming increasingly complex and harbour a number of unresolved issues. Violations of data protection regulations can have drastic consequences for affected companies and the people responsible for them. This has applied all the more since the EU General Data Protection Regulation (GDPR) came into force on 25 May 2018. Companies now face fines of up to four percent of the previous year's global turnover for failing to maintain data protection-compliant processes. Fines already issued show clearly that the supervisory authorities are becoming more active. In particular, there has been a significant increase in the number of fines running into the millions of euros. The GDPR also requires companies to prove that they meet the requirements of the regulation - the work this involves should not be underestimated. 

In addition to fines, data protection violations can have other consequences, such as claims for damages by affected parties, the imposition of fines or imprisonment. The responsible bodies and managers can also be held personally responsible if they do not fulfil their supervisory duties. Moreover, the reputational damage associated with data protection violations cannot be ignored. Effective and efficient prevention of data protection breaches is therefore essential for companies. This requires the establishment of an appropriate and effective data protection management system.

The complexity of the matter demands that the requirements of data protection law, the requirements of labour, criminal and telecommunications law as well as other laws are regularly observed when personal data is processed. Data protection is a crucial consideration for specific activities of all corporate units, i.e. not only the audit, compliance, HR, IT or security departments, but also the specialist departments. This requires an interdisciplinary approach that answers organisational, legal and technical questions.

KPMG helps you to identify and apply the legal requirements for your company and also supports you in preventing, identifying and responding to data protection-related incidents.

Our services:

  • Support in the design and implementation of a data protection management system. 
  • Design and implementation of the core data protection processes, risk analyses and the central register of processing activities for the GDPR that are relevant for this system.
  • Design of deletion concepts.
  • Ensuring transparency requirements.
  • Establishment of data protection-compliant service provider management with regard to third-country transfers and commissioned processing.
  • Advice on commissioned processing scenarios and joint responsibility.
  • Conducting service provider audits.
  • Advice on third-country transfers and the creation of binding corporate rules.
  • Appropriateness and effectiveness review of the data protection management system according to recognised standards.
  • Clarification and processing of data protection or data security breaches.
  • Support in communicating with the data protection supervisory authorities.
  • Recommendations for any necessary realignment of systems and processes.
  • Conducting training at both management and staff levels.
  • Advice on the legal requirements of the ePrivacy Directive or ePrivacy Regulation-E, as applicable.


We are there for you around the clock: 

KPMG Forensic Emergency Hotline: 0800 SOS KPMG (0800 767 5764)

E-Mail: de-sos@kpmg.com