KPMG has just received its first statement on compliance with GDPR. Together with an ISO27001 certification, this means that KPMG can give their clients a great deal of security when it comes to data processing. The statement has been prepared in accordance with FSR's standard based on ISAE 3000. KPMG will be the first professional services firm in Denmark to document the great work they put into protecting their clients’ and employees' data through systematic compliance with GDPR and best practices for data security management.

KPMG is the only professional services firm in Denmark to have obtained both ISAE3000 GDPR and ISO27001 certification. To achieve this, the professional services firm has had to live up to new and high requirements for procedures for handling personal data and data security in general about and on behalf of KPMG's clients.

“With the new statement, we have completed another important part of our work to ensure a very high level of security and that our clients can have confidence in our data processing. We have a framework for handling absolute world-class personal information. With the new tools, we can build trust with our clients and society to an even greater extent,” says Partner in KPMG Martin Povelsen.

Systematic approach to information security

It is a strategic goal for KPMG to maintain and expand certifications in the field of data processing. Thanks to the latest certifications, KPMG is now at the forefront of the market when it comes to having a systematic approach to information security.
“The ISAE 3000 Assurance Statement enables us to document that we meet the requirements of the GDPR regulations and that we are a credible partner in this area. ISAE 3000 is recognised by the Danish Data Protection Agency, and we are increasingly experiencing that public authorities emphasise that we both as auditors and consultants are able to document our approach to data processing agreements,” says Martin Povelsen.

Continuous updating of data management

The ISO27001 standard sets comprehensive requirements for how to enforce a uniform and complete information security management system. For example, requirements are set for risk management, documentation of processes and distribution of roles and responsibility for information security. Another important element is that the standard ensures a process for continuous improvement. This means that information security is constantly updated, so that KPMG can always be at the forefront of the challenges in a constantly changing business world.

“We are very proud to have achieved these certifications. It has taken time and patience to get here, not least because we have had to implement a number of new procedures. It has involved the entire organisation, but with a pragmatic approach, we have succeeded in finding good and reliable solutions that we can now deliver on,” says Martin Povelsen.

For further information please contact:
Helge Coroli Frandsen, Media Relations Lead, Email:, M: +45 2294 9824

Connect with us