GDPR services | KPMG | RU

GDPR services

GDPR services

KPMG will help identify if your business is subject to GDPR, and provide assistance in ensuring compliance with the new regulations.

KPMG will help identify if your business is subject to GDPR.

Brief description: The European Union's General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. Russia is not a member of the European Union, for which reason the EU jurisdiction (including the GDPR scope) does not extend over the territory of the Russian Federation. However, subsidiaries, branches and representative offices of Russian entities, which operate in the EU, directly fall within the GDPR framework.

The potential fines for violations of GDPR requirements are unprecedentedly significant. Depending on the breach, the level of fines may be up to 2 or 4 percent of the global annual turnover for the preceding financial year, or EUR 10 or 20 million, whichever is greater.

KPMG will help identify if your business is subject to GDPR, and provide assistance in ensuring compliance with the new regulations.

KPMG experts provide the following GDPR services:

Quick assessment of GDPR applicability

Quick assessment of GDPR impact on business and data protection readiness.

Analysis of compliance with GDPR requirements and development of a roadmap on further actions

• Audit of personal data processing workflow in compliance with GDPR requirements and local legislation. Non-compliance identification and analysis.

• Development of a roadmap to ensure compliance with GDPR requirements and local personal data legislation, adaptation of GDPR requirements to corporate business processes.

Inventory of personal data and personal data flows

• Assessment of personal data processing workflows. Identification of personal data processing workflows representing a high risk in terms of rights and freedoms of personal data subjects. Identification of personal data flows including cross-border transfer of personal data, and personal data processed by third parties.

• Identification of the list of personal data, list of personal data subjects, locations, tools and methods of personal data processing, and persons who have access to personal data.

Raising awareness

Conducting and/or developing events (trainings, roundtables, workshops) to raise awareness of employees on the basic principles of personal data processing and data confidentiality.

Assistance in implementing GDPR processes

Assistance to the client’s team in implementing and monitoring GDPR compliance measures, including the development and implementation of personal data management procedures, implementation of GDPR requirements into IT and business processes, as well as measures necessary to ensure compliance of the business with GDPR requirements.

Assistance in performing Data Privacy Impact Assessments (DPIAs)

Assistance in assessing the impact on data confidentiality: a thorough and documented analysis of risks for personal data subjects when processing personal data, identification of risk mitigating measures.

Read more about our services here.

Connect with us

Контакты