As organisations seek to improve the customer experience, create value and obtain competitive advantage associated with trust in their brand, the ability to leverage personal information assets in the right way is crucial.

The increasing take-up of cloud computing, globalisation of systems, processes and supply chains, together with the proliferation of social media and mobile devices means more and more personal information is being collected, retained, disclosed and transferred around the world.

Privacy & GDPR

This has resulted in privacy becoming one of the tougher challenges currently facing organisations. Creating value from personal information, whilst still ensuring legal and operational compliance within this complex environment may be increasingly challenging –but we can help you achieve it.

In 2016, the EU adopted the General Data Protection Regulation (GDPR), replacing the 1995 Data Protection Directive. The reform of EU data protection rules has meant people have more control over their personal data and businesses benefit from a level playing field.

These changes, which came into effect in May 2018, reflect an increased focus by the European Commission on data protection. The GDPR means one set of rules for all companies operating in the EU, wherever they are based. While data protection and privacy is not new governments across the globe are enhancing their regulation and requiring organisations to demonstrate compliance.

What’s in it for you?

Leveraging our Privacy Management Framework, we help organisations protect and maintain the integrity of personal information while leveraging its value as an asset. We understand the threats and marketplace trends that organisations are facing and will bring that knowledge and experience to bear, working side by side with you our expert team can support you to manage this area. We offer a broad range of services including:

  • Privacy strategy and governance: Help with the design and implementation of a privacy strategy and governance framework that is right for your organisation.
  • Privacy programme implementation: Design and embed pragmatic, fit for purpose privacy structures and controls to manage privacy risk as part of broader enterprise risk.
  • Privacy inventories and data flow mapping: Identify personal information at rest /in motion to identify risk points and develop strategies to manage the risk in line with appetite.
  • Training and awareness: Develop and run training and awareness programmes tailored to your needs and audience.
  • Data privacy impact assessments (DPIAs) for business and technology projects or transformation programmes
  • E-Privacy Regulation ‘look-ahead’: Help identify the potential impact and strategic implications for your organisation of the proposed E- Privacy Regulation.
  • Privacy audits/assessments and advice: Identify areas of risk associated with privacy compliance and areas where your organisation may be misinterpreting privacy requirements and/or not leveraging personal information to create value.
  • Privacy incident response: Help establish sustainable incident response plans in advance of a data breach and assist in data loss/breach investigations and remediation.
  • Ongoing monitoring of third parties and high-risk processes. Identifying third party processors that manage large volumes of personal data on your behalf and provide an independent review of there privacy control and security framework.


With KPMG, you can have confidence that you’re partnering with the best privacy team in the market, with unrivalled experience, insight and commitment. We incorporate the latest global thinking on data privacy development into our uniquely tailored for Irish circumstances into our support and provide best practice advice to help you to drive value for money. 

Our team - get in touch

Read more in Risk Consulting

Visit pages related to GDPR & Privacy