Privacy Transformation Services - Marcus Sörlander and Peter Birgersson | January 2020 - Deloitte
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Privacy Transformation Services Marcus Sörlander and Peter Birgersson | January 2020
Privacy Transformation Services CLIENT
CHALLENGE
Client Challenge
Managing Privacy is complex, and the consequences of getting it wrong are significant. The OUR APPROACH
upside of getting it right is the ability to use personal data responsibly to enable business
opportunities and enhance trust
How can internal METHODOLOGY
What is the processes be
appropriate improved, reducing How can
response towards operational costs organisations
Privacy risks – when How can an while future-proof
the global landscape organisation prepare demonstrating themselves against
is so complex? against data compliance and new laws and
WHY DELOITTE?
incidents, enabling business disruptive
regulatory opportunities? technologies and
investigations, and generate more trust
public scrutiny? through the ethical
use of data?
CREDENTIALS
Privacy is now a top risk for companies whose business model depends on using
large amounts of information – from customers, associates, or business partners. At
the same time, and with the right approach and implementation, Privacy can also
enable business opportunities. CONTACTS
2
Privacy Transformation Services CLIENT
Client Challenge
CHALLENGE
What do we do?
We support you in defining your Privacy strategy and implementing the right capabilities to OUR APPROACH
realise that vision
DEFINE TARGET TRANSFORM SUSTAIN OUTCOMES
Risk-based and proportionate METHODOLOGY
management of Privacy risks
Accountability and More resilience to data incidents and
Governance disruptions
• Define a meaningful target Training, Awareness
(incl. Internal Audit)
Privacy by Design
and an appropriate response & Cultural Change Sustainable, cost-effective privacy
Define a Privacy target
to your risk processes
operating model WHY DELOITTE?
Enhanced data management and
uses for your data
Privacy Ethics People Data
• Develop a Privacy strategy and
and Data Protection
target operating model Innovation Technologies Future-proofing against upcoming
regulations and new technologies
Process Technology Brand protection and ethical uses of CREDENTIALS
• Deliver a tailored and risk- Incident personal data
based transformation Third Party
Management
Management
Data Subject &
Privacy
Marketing
Management
Assurance CONTACTS
Data 3
Management
Privacy Transformation Services CLIENT
Client Challenge
CHALLENGE
How does it work?
Our approach
Whether comprehensive or targeted, a Privacy Transformation programme supports the OUR APPROACH
creation and execution of a defined strategy for managing privacy risks. Through a
balanced set of solutions, changes are embedded into your processes while minimising
operational disruption.
1 2 3 4 Methodology
METHODOLOGY
Assess Privacy risks and Define Privacy strategy and Deliver transformation Monitor and sustain
identify adequate response target operating model programme outcomes
Measure your processing Define your response to Privacy transformation is Transition into sustainable
landscape against regulatory Privacy risks according to legal designed and implemented compliance:
requirements requirements, business according to your defined
opportunities, maturity targets, target operating model and • Continuous compliance Why
WHYDeloitte?
DELOITTE?
Obtain a clear insight into and operational considerations. strategy monitoring and reporting
what privacy risks you face. • Data protection impact
Develop overall strategy and Core components include: assessments (DPIA)
Gain stakeholder buy-in to Privacy target operating • Maintain records of
begin your transformation model. • Accountability and processing activities
journey Governance • Data subject request
Define and prioritise the right • Privacy by Design in existing fulfilment CREDENTIALS
Credentials
privacy transformation processes and technology • Incident management
components that support • Data Management and Data • Training and awareness
your vision and will deliver Protection Technologies • Implementation of advanced
your strategy. • Third Party Management and components (Privacy
Assurance Ethics), and monitoring /
• Incident Management oversight (program KPIs and
• Data Subject Requests metrics) CONTACTS
Contacts
• Cultural change
4
Privacy Transformation Services CLIENT
Client Challenge
CHALLENGE
Deloitte differentiated
Why us? Multidisciplinary Risk-based International Our approach
OUR APPROACH
Deloitte is the market
leader in Europe for data
privacy advisory
services. We bring the right tools for Our track record enables us to
Our team has over 200
the job. Our team has a design unique and tailored
dedicated privacy
We take a collaborative diverse set of skills, from solutions or work with existing
professionals serving multiple Methodology
security, privacy, legal, initiatives in your organisation
approach across our sectors, geographies and METHODOLOGY
organisational, ethical and – no matter your maturity
member firms, technologies.
change management. level.
connecting a dedicated
team of legal and
technical experts.
Our Privacy Transformation
We make privacy fit into your
methods have been tried-and-
processes, culture, and We work internationally and
requirements. We are
tested in multiple global
provide subject matter
Why
WHYDeloitte?
DELOITTE?
clients with complex
experienced in integrating our expertise where it is needed
challenges – often with the
solution into wider cyber the most.
support of privacy
initiatives.
technologies.
We have a track record of transforming the way our clients manage Privacy risks and
opportunities. Through our Transformation Services, we are committed to delivering: CREDENTIALS
Credentials
• Compliance processes that make sense, cost less, and produce results
• Deeper insights into data – where it is, to where it flows, and why it is needed
• Drawing more value from data while confidently managing compliance requirements
• Agile incident management procedures
• Future-proofing against upcoming regulations (US privacy laws, ePrivacy Regulation)
• Brand protection, with Privacy as differentiating factor and brand enhancer CONTACTS
Contacts
5Privacy Transformation Services CLIENT
Client Challenge
CHALLENGE
Credentials
Our approach
We have delivered privacy transformation services at a wide range of clients and industries. OUR APPROACH
Below are examples of recent projects where we transformed the way our clients manage
their privacy risk:
1 2 3
Methodology
METHODOLOGY
2019 – Medical Life Sciences – Full 2018/2019 – Consumer Business – 2018 – Global Provider of
Transformation Full Transformation Financial, HR and payroll services–
A newly formed Privacy Office of a Fortune For a global food and beverages company, Global Privacy Programme
500 medical devices company requested our Deloitte led a transformation project
assistance to set up a sustainable GDPR covering all major phases of a privacy Deloitte assessed the Group’s data
remediation programme. transformation. environment, and also looked closely at the
Why
WHYDeloitte?
DELOITTE?
systems and people that assist it and at its
Our team assessed the client’s executive The engagement comprised a GDPR gap overall goals and purpose.
priorities, market profile, and allocated assessment followed by prioritised
resources to design and execute a tailored implementation phases focusing initially on Deloitte implemented an effective and
transformation journey focusing on incident GDPR readiness, and subsequently on insightful GDPR program ready for the
management, data subject rights sustainable compliance and targeted future and assisted on seven work streams
compliance, records of processing initiatives. with different local stakeholders.
activities, third party risk management, Furthermore Deloitte facilitated the CREDENTIALS
Credentials
consent management engines, CRM Aside from all key areas of GDPR organization of training and an event with
compliance, data protection impact compliance, the transformation focused on the overall goal of Community building.
assessments, and privacy by design for sales and marketing compliance, data
clinical trials and medical devices. subject rights fulfilment, and Privacy by Our contribution resulted in the completion
Design in app development. of the GDPR program, providing the client
Our contribution defined processes that can with the tools and insights to continue to
be leveraged to absorb future regulatory Our contribution resulted in a defined and develop a dynamic data privacy CONTACTS
Contacts
challenges such as the ePrivacy Regulation sustainable privacy program supported by environment. 6
or the California Consumer Privacy Act. robust governance practices.Privacy Transformation Services CLIENT
CHALLENGE
Lead contacts
Deloitte North South Europe can mobilise the capabilities, resources, and country OUR APPROACH
representatives to support your vision.
We have more than 200 privacy professionals
operating in Europe, and a global SME team with
Marcus Sörlander more than 450 members.
Partner
METHODOLOGY
T: +46 73 397 24 63
(5)
E: msoerlander@deloitte.se (7)
(13)
(12)
Appendix – Contacts and links
WHY DELOITTE?
(13)
Peter Birgersson
(8) (45) (35)
Partner
(23)
T: +46 70 080 24 69
(15)
CREDENTIALS
E: pbirgersson@deloitte.se
(25)
(8)
A high number of our privacy professionals are
CIPP/E and CIPP/M certified, and also CISSP, CONTACTS
OPTM/A, CIPT, CISA, and ISO 27001 certified. 7Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their re lated entities. DTTL (also referred to as “Deloitte Global”) and each of its member firms are legally separate and independent entities. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more. Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our network of member firms in more than 150 countries and territories serves four out of five Fortune Global 500®companies. Learn how Deloitte’s approximately 312,000 people make an impact that matters at www.deloitte.com. This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms or their related entities (collectively, the “Deloitte network”) is, by means of this communication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte network shall be responsible for any loss whatsoever sustained by any person who relies on this communication. © 2020 Deloitte AB
You can also read
