GDPR Trust Services

Take your organisation to the next level of GDPR data privacy maturity and demonstrate compliance

Most organisations are not (yet) fully compliant with GDPR

The EU General Data Protection Regulation (GDPR) imposes a radical and tougher data protection regulatory framework on most organisations. For Switzerland, GDPR is also of critical importance, as the scope of the regulation is far reaching.

Every data "controller" and "processor" inside and outside of the EU is regulated, if they are processing personal data in their offering of goods or services to data subjects in the EU, or if they are monitoring their behaviour within the EU.

All organisations under the regulation should by now comply with GDPR. However, our third PwC GDPR pulse survey shows that the majority of organisations were not ready in time.

Key results of a recent study* by the Zurich School of Management and Law show that:

  • less than 30% of the organisations have an appointed data privacy officer (also referred to as “DPO”)
  • 50% of the organisations have not yet performed a data protection impact assessment; and
  • less than 25% of the organisations are utilising technology to ensure data protection is achieved in a sustainable, effective and efficient manner.

As required by the GDPR, data “controllers” and “processors” must be able to demonstrate their compliance with the regulation. Being transparent about how you as an organisation comply with GDPR provides the trust that your business partners, other stakeholders and society in general are looking for when doing business with you. Conversely, you might face competitive disadvantages or even severe fines if you are not compliant.

How PwC can help

As a multi-disciplinary practice, we are uniquely placed to help you adjust to a new environment driven by regulatory scrutiny around data privacy. Our data privacy team includes lawyers, consultants, auditors, cyber security and forensics experts. Our team is truly global, with expertise in all major economies.

Within Switzerland, we have a dedicated team available with proven expertise in connecting the dots between Data Privacy, Information Governance, Data Management, Cyber Security and Trust and Transparency. Our team has extensive hands-on data privacy knowledge and experience and provides you with solutions that extend beyond the compliance horizon. We have helped many organisations on their journey to GDPR compliance.

Data Privacy Trust services portfolio

Organisations are facing various challenges in protecting their data and responding to the need for trust and transparency in this area. We therefore have created a comprehensive trust services portfolio.

Through a variety of available services, we are able to offer you a tailored solution, including designing and implementing the relevant controls within your existing process and technology control framework (e.g. ICS and ITGC). Alternatively, we can assist you in adopting a reference framework or another publicly available data privacy standard.

Our trust services portfolio allows you to further enhance and increase the maturity of your data privacy environment in a structured manner. It covers the main areas that address the GDPR requirements.

PwC data privacy trust services:

  1. Strategy, Governance & Accountability
  2. Data Processing & Individuals’ Rights
  3. Policy Management & Data Protection Notice
  4. Risk Management & Compliance
  5. Data Lifecycle Management
  6. Incident Response & Breach Management
  7. Third Party Risk Management
  8. Data Security

Our data privacy trust services will help you to achieve a sustainable, trustworthy and transparent data privacy framework.

Our experts

In Switzerland, many companies are not aware that they fall under GDPR, and others wish to postpone any efforts for data protection now and wait for the revised Federal Act on Data Protection (FADP).

Björn Sieger LL.M, Lawyer, Expert for Data Privacy at PwC Switzerland

Organisations going through readiness assessments not only increase their understanding of their privacy capabilities, they also identify priority areas for improvement.

Yan Borboën, Partner, Cybersecurity and Privacy at PwC Switzerland

Preparing for certification and assurance activities is not a straightforward exercise. It is particularly challenging to define the right scope and underlying standards.

Ralf Hofstetter, Leader Trust and Transparency Solutions, PwC Switzerland

Readiness assessment

Our detailed maturity readiness assessment focuses on all GDPR elements and the principles for effective data privacy management. The assessment is based on our best practice framework, but can be supplemented with other privacy management standards if required.

Our assessment can help you to provide your internal stakeholders with the confidence that you have taken the necessary steps to comply with the GDPR requirements. Furthermore, it helps you to prepare for more formal certification or assurance-related activities.

The readiness assessment is also an excellent way to identify and assess your third parties (e.g. vendors and service providers) for their state of GDPR compliance.

Based on the results, we enable you to determine the impact of third parties on your target state of compliance and take the appropriate actions. During the assessment, we will also advise you on how technology can be leveraged to support your certification/assurance objectives.

We make use of our proprietary GDPR Maturity Assessment tool to measure, in a granular way, your current maturity level and define a desired maturity level for data privacy management. This will result in a maturity assessment report with detailed findings, risks and prioritised and actionable recommendations to reach the desired maturity level.

Data privacy certification & assurance activities

Our experienced auditors and privacy specialists offer data privacy solutions from controls to certification and/or assurance programmes for organisations that have completed their GDPR implementation.

We will define and agree together with you the required certification and/or assurance scope, the number of controls to be tested and the testing methodology. We will apply the right certification/assurance framework based on your organisational needs and our experience. Examples of data privacy frameworks that we typically apply are the GDPR-CARPA (Certified Assurance Report-based Processing Activities Certification Criteria) from Luxembourg or the NOREA-PCF (Privacy Control Framework) from the Netherlands. Moreover, we have also developed our proprietary PwC Data Privacy Control Framework, consisting of 700+ control criteria mapped against the GDPR’s legislative requirements.

Based on the selected applicable framework components, we will evaluate and attest the controls you have adopted. Where needed, we will communicate to you any requirements for additional (good practice) data privacy controls.

Finally, our certification and/or assurance deliverables, which are based on known standards (e.g. GDPR-CARPA, NOREA-PCF) and PwC proprietary frameworks, will enable you to have the necessary transparency in place. This transparency builds trust with your relevant internal and external stakeholders that you have implemented and operated the measures necessary to comply with the requirements stipulated in the GDPR.

Free of charge quick scan

Through our online and interactive platform, we offer a free of charge quick scan assessment of your current and desired data privacy environment, based on the key GDPR principles.

Our quick scan solution provides you almost instantly with an overview of how your data privacy environment currently addresses the GDPR requirements. The quick scan focuses on the most important GDPR principles: transparency of data processing, legitimate purposes, application of data minimisation, security measures taken to protect data, and the ability to demonstrate compliance.

The outcome of the quick scan comprises a high-level maturity indication with generic yet actionable recommendations. This provides you with an excellent starting point for discussions with your management on further enhancing your data privacy maturity level and your overall state of compliance in this area.

Get in touch with us

Please contact us to request a free of charge quick scan or to find out more about our GDPR Trust services.

Webinar on GDPR compliance and data privacy maturity

Watch our webinar now and learn more about the status of efforts to adapt to the GDPR requirements that came into effect 25 May 2018. Our PwC experts on Trust & Transparency, Information Governance, Cybersecurity and Privacy practices will share their views on how to bring organisations to the next level of GDPR compliance and data privacy maturity, and how to prepare for upcoming certification and attestation requests.

Contact us

Yan Borboën

Partner Cybersecurity and Privacy, PwC Switzerland

Tel: +41 58 792 84 59

Ralf Hofstetter

Trust & Transparency Solutions, PwC Switzerland

Tel: +41 58 792 5625

Björn Sieger

Information Governance, PwC Switzerland

Tel: +41 58 792 54 15

Vincent Colonna

Cybersecurity and Privacy, PwC Switzerland

Tel: +41 58 792 9032