The better the question. The better the answer. The better the world works. У вас есть вопрос? У нас есть ответ. Решая сложные задачи бизнеса, мы улучшаем мир. У вас є запитання? У нас є відповідь. Вирішуючи складні завдання бізнесу, ми змінюємо світ на краще. Meilleure la question, meilleure la réponse. Pour un monde meilleur. 問題越好。答案越好。商業世界越美好。 问题越好。答案越好。商业世界越美好。

Are you ready for the General Data Protection Regulation?


From May 25, 2018 the General Data Protection Regulation (GDPR) has been in force. Meaning that from that date the same privacy legislation now applies throughout the European Union. Do you already comply with the GDPR?p>

GDPR – the biggest changes

The GDPR contains:

  • Stronger and more extensive privacy rights
  • More responsibilities for organizations
  • The same, stronger competences for all European Data Protection Authorities, such as the competence to impose fines up to 20 million euros or 4% of the worldwide turnover.

An emphasis will lie on the responsibility of organizations. As an organization you must be able to show that you are compliant with the GDPR. This means, among other things, that you can show which personal data you collect, how you use data, how long you store it and how you secure it.

With these important preparations EY can assist. From maturity assessments to complete implementation procedures, we are there to assist in every step of the process.

Data Privacy

As one of the most integrated advisory firms globally, we can quickly mobilize our employees and deploy them at the right location at the right time. Our sector-oriented approach and global coverage enables us to help clients around the world in managing risks of privacy, improving performance and ensuring results.

We have extensive experience in the field of implementing complex data privacy projects, in which we distinguish ourselves in translating the relevant privacy laws and regulations into legal, technical or organizational solutions that most importantly are truly effective in practice.

Policy in practice

For a privacy policy to be successful, the 'paper' policy must be converted into a policy that works well in practice. A policy may look good on paper, but if it is not correctly implemented or not executed correctly, it will never be effective. In fact this actually means that the organization is not compliant (design and existence is then demonstrated, but the operating effectiveness is lacking).

When implementing policies, legal regulations (open norms from the law and the policy) are translated into the workplace. Just because the GDPR knows many 'open standards', it is necessary that the requirements as set by the GDPR are interpreted correctly and translated into technical, organizational or legal measures.

Risk-based approach

EY does this through a risk-based approach whereby we take into account the necessary IT and business controls. Examples include encryption, access limitation, privacy awareness training, data governance and approval processes. We always strive for the best combination of technical and organizational solutions.

EY Advisory has developed a multidisciplinary specialism in which we cooperate with multiple service lines to assist organizations in their roadmap towards compliance with the GDPR. We do this through training materials, communication of policies into various departments of the organization, FAQs, preparation of working documents and improvement plans and extensive technical expertise to implement the measures of our clients into their data systems.

Together we can achieve the best results. We would like to introduce you to our Data Privacy expert team:

In almost every important decision, legal considerations play a big role especially when it comes to privacy. Because of new technological developments it becomes more and more difficult to find a balance between using personal data and protecting it.

Based on the GDPR, strict rules are in place when it comes to preventing the abuse and improper use of personal data. A key aspect of the GDPR concerns having the right documentation in place in order to satisfy the information obligations.

Does your organization need help with the preparation of its register of processing activities Which retention policies, privacy policies and notices, statements and procedures does your organization need? How will you implement the right to be forgotten and Privacy by Design and Privacy by Default. Has your organization managed its contracts with its vendors appropriately?

HVG advocaten-avocats can support you in complying with the GDPR and assist you as a legal expert in privacy. We do this by means of a multidisciplinary approach: together with the other Data Privacy experts we team up to get your organization ready for the GDPR!

Peter Suykens
+32 (0)473 73 02 62

Angela Nowosad
+32 (0)476 97 88 07

Stricter regulation, privacy issues and the growing complexity in cybersecurity require organizations to upscale their data management and cybersecurity. From May 25 2018 onwards, organizations must have implemented extensive cybersecurity and breach detection measures against the theft of personal data.

EY Cybersecurity offering integrates data privacy and cybersecurity. We offer a practical approach to improve the protection of your most critical data assets. Central in this approach is prevention and resilience, when incidents actually happen.

If you want to know more on how EY can help your organization to protect personal data against, please contact us for a more detailed overview of our services.

Andy Deprez
+32 477 627 848

Koen Machilsen
+32 (0)2 774 6053

Yannick Scheelen
+32 472 630 919

Every attack is different, and so is every organization. For organisations to maintain effective incident response procedures they need to be tailored to their environment.

The FIDS team consists of professionals with extensive experience in incident response, investigative and remediation skills focussed on data breach management. A typical incident response process consists of: identification, containment, investigation, remediation and eradication supported by incident and crisis management.

With these services we tackle the concept of accountability: ensure compliance, demonstrate compliance and demonstrate effectiveness. Our skilled experts combine their knowledge and expertise with innovative tooling by which we for instance are able to identify Personal Identifiable Information in structured as well as unstructured data!

In our services we take an integrated approach by teaming up with the other experts as mentioned on this page.

Frederik Verhasselt
Partner FIDS
+32 477 233 000

Peter Leyman
Executive Director FIDS
+32 474 988 509

EY People Advisory Services is are all about the people agenda of your business. Be it handling the international and cross border employment of your staff from an employment law, tax and social security perspective, the implementation of a next generation flexible reward schemes or conducting an HR transformation or HR Transaction and communication project, PAS is your trusted partner for the journey. Find the latest about PAS in Belgium on our dedicated website.

The impact of GDPR for your HR-department will be radical and versatile. To name a few:

  • Obviously HR processes a lot of personal data during the employment lifecycle of staff, resulting in HR-data representing some of the largest parts, if not the largest part of personal data processed within any organization;
  • HR will need to understand and navigate additional and at times competing legal obligations from GDPR versus labour law;
  • Documentation without application will make any GDPR effort fruitless. As such, one of the key aspects of any successful GDPR effort, will be to create awareness and a privacy-set-of-mind in the hearts and minds of the people making up the organization. Any effort in this direction will require training and communication, efforts typically driven by HR;
  • Seen the vast amount of personal data going around with HR, not seldom HR will become project owners in part or in whole, of an organization’s GDPR efforts .

Being the sparring partner for HR departments, PAS is accustomed to and knowledgeable about the HR professional’s point of view. Understanding both the obligations under GDPR as well as the daily practical and legal considerations and concerns at HR, our PAS professionals bring together the knowledge to understand the impacts and needs to be considered by HR, helping you turn privacy in the workplace under GDPR from pain to gain.

Hendrik Serruys
+32 479 982 950

Roel Verhelst
+32 496 052 855

As organizations usher in to getting compliant with the new EU GDPR regulation by May 2018, there is no mechanism through which they can demonstrate compliance with the GDPR to their customers.

EY CertifyPoint has its own scheme in line with the GDPR regulation where we certify clients for compliance with the GDPR after assessing them as per our scheme.

The procedure consists of an evaluation of the processing mechanisms by competent privacy auditors along with technology and legal experts and an evaluation report will be provided by EY CertifyPoint, an independent certification body.

So many technology companies are striving for these kind of norms nowadays. When will you step in?

Jatin Sehgal
Global Leader and Managing Director EY CertifyPoint
+31 6 2908 4825


EY - Andy Deprez

Andy Deprez
+32 (0)2 774 62 47