Cyber security

Data protection and privacy

  • Share

How you handle customer information and employee personal data may be vital for your organization’s reputation. Additionally, personal data is increasingly subject to a number of regulations that impose restrictions and guidelines on the use and protection of personal information.

A business needs overview of constraints and opportunities related to the use of personal information in order to make informed decisions when designing information and communication tools (ICT). Such insight can help maintain a positive reputation in the market, assess risks within the business, identify suitable risks controls, comply with regulations and identify challenges facing employees or customers.

Management considerations

To build a strong setup for data protection and privacy, your business needs to:

  • Develop and maintain an overview of legal requirements relevant to individual business needs
  • Establish an overview of personal data processes with associated legal basis and purpose
  • Ensure a clear description of roles and responsibilities
  • Identify data protection needs and carry out risk assessments to evaluate the need for measures to ensure satisfactory information security
  • Implement measures for the safeguarding of data
  • Implement measures to guarantee the individual's right to access relevant data and to facilitate requests for data correction and deletion, etc.
  • Adhere to notification and licensing obligations
  • Plan and implement systematic measures to ensure that appropriate internal controls are in place over time

How can EY help?

Based on insights into regulatory trends and best practices within data protection and privacy, our advisors can help you design and implement appropriate internal controls. We help you manage all aspects of data protection and privacy, including how privacy concerns can be addressed through changes in the ICT portfolio, and the creation of awareness programs. Additionally, we can help you prepare for independent reviews and status reports in terms of gap analysis, audits and third party reports.