GDPR compliance using ServiceNow | KPMG | US
GDPR compliance using ServiceNow

KPMG’s unique GDPR point of view

What is GDPR? The EU General Data Protection Regulation (GDPR) is a law designed to update and unify the European Union approach to personal data privacy and protection. Full text is available at the European Commission website (http://ec.europa.eu).

How do I move towards maturity? The GDPR sets a high bar for compliance, with 99 articles and over 170 recitals. While the regulation defines compliance as binary, organizations just beginning to tackle compliance should consider prioritizing development, implementation and governance of:

  • Privacy Governance Model
  • Records of Processing Activities
  • Data Protection Impact Assessment
  • Data Subject Rights
  • Privacy Incident Response

When a solid foundation is in place for initial compliance, focus should shift toward:

  • Global consistency/centralization
  • Extension to “Tier 2” processes, applications, and data
  • Strategic balance of business imperatives and use of data with regulatory mandates
  • Alliances and enhanced B2B/third party cooperation
  • Data asset and mapping tools
  • Metrics, trending, and reporting (operational and executive)

Ultimately, as with most regulations, organizations should strive toward better, faster, and more cost-effective compliance.

It’s all about data, isn’t it? Although it may seem counterintuitive to privacy practitioners, organizations are too focused on and distracted by data when it comes to privacy compliance. In order to sustain privacy compliance and risk management efforts over time, organizations should instead start with an intimate understanding of business processes. With GDPR, the Privacy Office must be familiar with how (and why) high-risk business processes gather, use, manage, and store personal data. Armed with this understanding, the Privacy Office can make better risk-based determinations of where to focus privacy governance investments.

How can KPMG help? KPMG LLP is different. We work alongside our clients to design, implement, and govern a self-service, on-demand, and solutions-focused approach to privacy compliance that will demonstrably deliver real business value by materially lowering the cost of compliance, lowering the cost of control, and increasing the confidence that executives have with regard to protecting at-risk personal data assets.

Our approach to privacy

KPMG’s Privacy Management Framework allows organizations to define key privacy considerations. The Privacy Management Framework provides a modular, practical and pragmatic structure for organizing the day-to-day management and oversight required to operationalize and sustain privacy, including managing GDPR compliance considerations. As organizations mature, these framework elements can be enabled using technology such as ServiceNow to automate and improve efficiency of an organization’s GDPR program.

Privacy principles

Privacy components are viewed against the internationally recognised “Generally Accepted Privacy Principles”, which provide the foundation for our Privacy Management Framework.

KPMG approach

Our Privacy services are designed on the basis that organisations need tailored, risk-based solutions to address their individual Privacy needs, risk appetite, and future business and IT strategy. Its modular and layered structure enables targeted and tailored solutions to be designed, developed, implemented and monitored on a consistent basis.

Privacy management framework

Our framework elements are what organizations employ to manage privacy. They provide a practical and pragmatic structure for organizing the day-to-day management and oversight required to manage privacy.

To learn more, please download the .pdf.

Auditor independence KPMG complies with the auditor independence rules of the AICPA, SEC, PCAOB and DOL. As a result, certain alliance-based solutions cannot be offered by KPMG to our audit clients. KPMG audit clients should check with their respective lead audit partner for more information.
