It’s all about data, isn’t it? Although it may seem counterintuitive to privacy practitioners, organizations are too focused on and distracted by data when it comes to privacy compliance. In order to sustain privacy compliance and risk management efforts over time, organizations should instead start with an intimate understanding of business processes.
With GDPR, the Privacy Office must be familiar with how (and why) high-risk business processes gather, use, manage, and store personal data. Armed with this understanding, the Privacy Office can make better risk-based determinations of where to focus privacy governance investments.
RSA Archer and GDPR
GDPR compliance efforts are similar to complying to other regulatory mandates. Like other compliance management efforts, technology implementation is an integral component of GDPR enablement. It is KPMG’s belief that RSA Archer can be an effective enabler to automate GDPR compliance processes by using RSA Archer’s out of the box applications and questionnaire capabilities.
How can KPMG help?
KPMG is different. We work alongside our clients to design, implement, and govern a self-service, on-demand, and solutions-focused approach to privacy compliance that will demonstrably deliver real business value by materially lowering the cost of compliance, lowering the cost of control, and increasing the confidence that executives have with regards to protecting at-risk personal data assets.