Easing the burden of data privacy compliance


EU General Data Protection Regulation (GDPR) managed services

Introduction

Companies should not underestimate the complexity of achieving and maintaining compliance with data privacy regulation, including GDPR. Alongside the major changes in people, process and technology required by the 25 May 2018 deadline, companies must take several steps to continuously demonstrate compliance. For organizations facing these challenges, using EY GDPR managed services will make life a whole lot easier.

Getting a grip on data

Many organizations are compliant with GDPR on paper, but have yet to face the challenge of implementing the requirements across the entire personal data life cycle. This challenge can be substantial. As business models have been digitized, the volume of data held by organizations has increased significantly. The result is that organizations lack a clear understanding of how much personal data they hold, whose it is, why they retain it and how it is being used across their operations.

To achieve and maintain compliance with GDPR throughout the personal data life cycle, it is vital to gain absolute certainty on all these issues and more. The fastest, most effective and lowest-risk way to do this can be to leverage one of EY's range of GDPR managed services. And since we are constantly expanding our managed services to meet evolving client needs, the value and benefits our offering provides are also growing all the time.

GDPR timeline

- January 2012: European Commission (EC) proposed GDPR.
- March 2014: EU Parliament adopted compromise text.
- December 2015: GDPR agreed on.
- 14 April 2016: GDPR formally adopted by EU Member States. Transition period of two years.
- 25 May 2018: GDPR takes full effect.

Managed services tailored to your needs

Our portfolio of managed services has been specifically designed to meet the unique requirements of any organization in a flexible and customized way. Depending on factors such as organizational setup, maturity and resourcing, we can offer a different managed service or combination of services to meet each client's specific objectives fully and effectively. For example, an organization might want to outsource repeatable tasks by using solutions such as a managed Privacy Impact Assessment (PIA). Or it may be looking for more expert guidance to support monitoring activities, using managed data privacy analytics. Whatever the client's concerns and priorities around GDPR compliance may be, we have a managed service to meet them.

Our expanding range of GDPR managed services

EY's portfolio of GDPR managed services is shown in the diagram below. Together, these add up to a complete environment supporting a client in any industry to run data privacy in compliance with GDPR.[1] And as new needs emerge, we launch new services to meet them.

The services shown in the diagram are:

- Maturity assessment: We use our web-based tool to assess the data privacy maturity of an organization across 20 privacy-related domains.
- Privacy register and PIA: We conduct PIAs on the basis of the privacy register and data flow mapping that we have developed for the client.
- Demonstrate compliance: We undertake compliance monitoring on the basis of privacy controls, supported by a tool that enables clients to demonstrate their accountability and compliance to the regulator.
- Monitoring (data privacy analytics): We apply data privacy analytics to pinpoint and analyze deviations and exceptions on a continuing basis.
- Stress testing, reporting and incident response: We support incident response, both technical and legal, and provide periodical simulations and stress testing.

[1] Please refer to EY's "Developing your GDPR response for competitive advantage" paper on ey.com/fsgdpr.

Two key components in our GDPR run environment

Our GDPR managed services environment includes two key overarching components:

- Privacy control framework: facilitating compliant personal data management through a holistic privacy control framework, integrating data protection throughout the organization, including project management, process and product development, as well as risk and vendor management.
- Raising awareness: helping data protection and privacy awareness through appropriate information, and specific data protection awareness trainings and workshops; the workshops help stakeholders to understand that privacy is more than a compliance or security issue, and include a privacy game, case study and break-out sessions.

Managed privacy register and PIA

The service proceeds in six steps: building the dataflow inventory and privacy register; risk assessment of each dataflow; defining risk appetite; prioritizing dataflows; performing the PIA; and defining actions.

Companies face challenges in recruiting the skills and experience needed to build and maintain privacy registers and to perform PIAs, both of which are vital in ensuring and demonstrating GDPR compliance. To help, EY has developed a managed service that relieves clients of the internal burden of building a dataflow inventory and privacy register, prioritizing their data flows, and performing a PIA. We offer this service both on a project basis and as an ongoing operational run service. The service offers clients a range of benefits, including:

- Faster execution of the privacy register and PIA, enabling a more timely and integrated response to GDPR compliance needs
- Higher quality and consistency of approach for building and maintaining the privacy register and performing PIAs, as well as for reporting and remediation, opening up opportunities for future strategic actions to realize efficiencies
- Access to EY's highly skilled team and global resources, leveraging our worldwide network of professionals, service centers and GDPR experience

Managed accountability

A scarcity of skills and experience in demonstrating accountability to the authorities under GDPR is making it hard for clients to meet the complex requirements in this area. The requirements include documenting data processing policies, procedures and operations, and making these records available to the supervisory authority on request. EY's Managed Accountability Service supports clients in meeting these demands without heavy up-front investment and effort. The benefits for clients include:

- Faster and more complete accountability, supported by EY's industry-leading privacy practices, processes and methodology
- A basis for privacy assurance, based on audit trail, findings and documentation
- Access to EY's highly skilled team and global resources, leveraging our worldwide network of professionals, service centers and GDPR experience
- Looking beyond GDPR to privacy controls more generally, incorporating not just technology, but also legal and organizational perspectives

Managed stress testing and incident response

A timely response to incidents, from both a technical and a legal perspective, is a key requirement. This can be challenging due to a lack of experience and insufficient resources to respond adequately. EY can help by providing incident response as a managed service to support your organization in the event of an incident. To better prepare for incidents, we can further support you by performing stress-testing exercises that highlight current gaps and increase overall response capabilities.

Managed data protection officer (DPO)

The appointment of a DPO is one of the biggest impacts of the GDPR for many organizations. The DPO not only informs and advises the organization on privacy-related matters, but also monitors compliance with the regulation and serves as the key contact toward the supervisory authority. For most organizations, the role of the DPO is new and does not seamlessly map to existing functions. In day-to-day operations, it can also prove challenging to ensure that the DPO performs the duties and tasks independently, and is not restricted by conflicts of interest with other organizational duties, as required by the GDPR. An outsourced DPO as a managed service protects independence and avoids conflicts of interest. In providing a managed DPO, EY brings in-depth advisory insights into GDPR and privacy-related matters.

EY contacts

To find out more about any of our privacy-related services and how EY can help you use GDPR as a catalyst for change, beyond compliance, please contact:

- Erol Mustafa, EMEIA Financial Services IT Risk & Assurance Leader. Telephone: +44 20 7951 0700. Mobile: +44 7979 923 611. Email: emustafa@uk.ey.com
- Philippe Zimmermann, EMEIA Financial Services Legal Leader. Telephone: +41 58 286 3219. Mobile: +41 79 341 4571. Email: philippe.zimmermann@ch.ey.com
- Tony De Bos, EMEIA Financial Services Data Protection & Privacy Leader. Telephone: +31 88 407 2079. Mobile: +31 62908 4182. Email: tony.de.bos@nl.ey.com
- Konrad Meier, EMEIA Financial Services Data Privacy Professional. Telephone: +41 58 286 4327. Mobile: +41 79 227 2367. Email: konrad.meier@ch.ey.com


EY | Assurance | Tax | Transactions | Advisory

About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.

© 2017 EYGM Limited. All Rights Reserved.

EYG no. 06226-174Gbl
EY-000044638.indd (UK) 11/17. Artwork by Creative Services Group London.
ED None

In line with EY's commitment to minimize its impact on the environment, this document has been printed on paper with a high recycled content.

This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax or other professional advice. Please refer to your advisors for specific advice.

ey.com