As organisations seek to improve the consumer experience and secure the competitive advantage associated with brand trust, it is crucial they leverage consumer personal information assets in the most appropriate way. With the increasing take-up of cloud computing, and the globalisation of systems, processes, and supply chains, coupled with the proliferation of social media and mobile devices, more consumer data is being collected, retained, disclosed, and transferred around the world.

This, in addition to the constantly evolving nature of organisations due to mergers and acquisitions, organisational restructuring, new system implementations, and the complex, changing legal and regulatory landscapes, has resulted in privacy becoming one of the tougher challenges currently facing organisations.

To minimise risks, and the amount of time it will take to meet new regulations, organisations first need to adopt a fresh mindset on navigating the risk landscape. To accomplish this the following should be considered:

  • Do I understand my organisation’s privacy obligations, and risks, and if our compliance strategy is fit for purpose?
  • Am I making sound decisions and plans with regard to technology and business transformation initiatives involving personal information (e.g. customers and employees)?
  • Do I have a clear view of what personal information is being processed whereby who and for what purpose?
  • Am I confident in my organisation’s ability to detect and manage a data breach effectively?
  • Do I monitor both internal and third-party supplier compliance in respect of privacy and security?
  • How will the proposed regulation impact our enterprise operations and risk appetite?


Provide an independent assessment of current risk profile and how this compares to desired state.


Work with you to design a Privacy Compliance Program to meet requirements of legislations.


Work with you to develop a pragmatic privacy strategy and gain buy-in from senior management.


Support you in maintaining your privacy control environment.


Provide ongoing support and advice to assist you in operating your control environment.


Support the implementation of robust and sustainable processes, policies and controls to allow you to mitigate your privacy risk.

Our privacy services

KPMG believes that privacy is considerably more than just a regulatory issue, and therefore requires a combination and balance of people, processes and technology in order to be successful. We have an integrated privacy team which includes specialists in data privacy, cyber security and technology assurance who will help you understand the most pertinent aspects of privacy (both POPIA and other privacy laws).

KPMG’s Privacy team forms part of a global network of privacy experts who have assisted clients in developing privacy programmes to comply with their privacy regulatory landscape (including the GDPR, PDPA, IDPB). We regularly meet with our global privacy network to exchange experiences and knowledge and to stay abreast of international privacy developments. This ensures that our clients benefit from global best practice.

We understand that privacy needs to “work with” business in order to successfully manage the complex interdependencies of business. We have developed and delivered end-to-end data privacy programmes using our assessment methodology ultimately delivering sustainable compliance in complex and highly regulated industries.


KPMG firms can offer a global, multidisciplinary view of risk, helping you address your privacy challenges. Our unwavering commitment to precision, quality, and objectivity can help you embed protection and trust into all your activities, not just your technology, to create a security culture.

KPMG can offer these benefits because we can bring an uncommon combination of strengths — technological expertise, in-depth business knowledge and creative professionals who are passionate about protecting and building your business.

Cyber security options - Venn diagram

Related content

Throughout this website, “we”, “KPMG”, “us” and “our” refers to the global organization or to one or more of the member firms of KPMG International Limited (“KPMG International”), each of which is a separate legal entity.