As organisations seek to improve the consumer experience, and secure the competitive advantage associated with brand trust, it is crucial they leverage consumer personal information assets in the most appropriate way.

With the increasing take-up of cloud computing, and the globalisation of systems, processes, and supply chains, coupled with the proliferation of social media and mobile devices, more consumer data is being collected, retained, disclosed, and transferred around the world.

This, in addition to the constantly evolving nature of organisations due to mergers and acquisitions, organisational restructuring, new system implementations and the complex, changing legal and regulatory landscapes, has resulted in privacy becoming one of the tougher challenges currently facing organisations.

Considerations for executives

To minimise risks, and the amount of time it will take to meet new regulations, organisations first need to adopt a fresh mind-set on navigating the risk landscape. To accomplish this the following should be considered:

  • Do I understand my organisation’s privacy obligations, risks, and if our compliance strategy is fit for purpose?
  • Am I making sound decisions and plans with regard to technology and business transformation initiatives involving personal information (e.g. customers and employees)?
  • Do I have a clear view of what personal information is being processed where, by who and for what purpose?
  • Am I confident in my organisation’s ability to detect and manage a data breach effectively?
  • Do I monitor both internal and third party supplier compliance in respect of privacy and security?
  • How will proposed regulation impact our enterprise operations and risk appetite?

Once these questions can be answered then a tailored plan to safely manage information can be developed.


We have deep experience of supporting organisations, helping them to address their privacy challenges. KPMG member firm specialists can adopt a structured and flexible approach to meet the needs of your business. Areas where KPMG professionals can add value, include:


Provide an independent assessment of current risk profile and how this compares to desired state.


Work with you to design a Privacy Compliance Program to meet requirements of legislations.


Work with you to develop a pragmatic privacy strategy and gain buy-in from senior management.


Support you in maintaining your privacy control environment.


Provide ongoing support and advice to assist you in operating your control environment.


Support the implementation of robust and sustainable processes, policies and controls to allow you to mitigate your privacy risk.