Privacy advisory

In Canada, the federal government has introduced privacy breach notification requirements under the Personal Information Protection and Electronic Documents Act (PIPEDA). With recent legislative initiatives like the European Union's General Data Protection Regulation (GDPR) and California's Consumer Protection Act (CCPA), organizations face increasing needs around data privacy protection and compliance.

Other jurisdictions are looking to follow suit with their own new laws, and with discussions about privacy taking centre stage amid the growing demand for data, people are more aware of their privacy rights than ever before. It’s an issue that goes well beyond concerns about cybersecurity and GDPR compliance.

The changing landscape means privacy and data protection are fundamental business issues, regardless of which jurisdiction an organization is in or where it does business. As concern about privacy becomes a global phenomenon, organizations are collecting and processing large amounts of sensitive personal information, which means they’re at risk of everything from fines and regulatory reviews to loss of confidence and reputation.

How we can help

Our Privacy advisory offering can help you rise to the challenge of privacy management and compliance. We can help you build, operate and maintain an effective privacy program through our business expertise, technology, tools and ongoing support. As a result, you can focus on your core business, improve your competitiveness and continue to make the best use of your data.

Our approach is a cost-effective option for building your privacy program more quickly than you would be able to create on your own and for managing privacy issues on an ongoing basis. You’ll have access to the resources and trusted adviser you need to make sure you have the right tools, technology and governance in place to handle the full range of privacy issues.

Our services include:

  • policy management and privacy notices

  • privacy incident reporting and notification requirements

  • responding to individual requests for personal data

  • third-party assessment and remediation

  • accountability and compliance reporting

  • data mapping to see data flows throughout the organization

  • privacy impact assessments

  • support to create and manage a data inventory

Learn more about our services

Deal effectively with a breach

Jurisdictions around the world are implementing rules around privacy breach notification. By responding effectively to data incidents and meeting your notification obligations, we help you bolster customer and stakeholder trust and manage financial, legal and regulatory risks.

Mastering due diligence

We help you assess and manage vendors while making sure you have the right due diligence and safeguards in place. Reduce your risk through appropriate contract standards and operational controls.

Respond appropriately to requests

The GDPR may be just the start of new rules expanding individual rights over their data. The emergence of privacy as a global phenomenon means people are very aware of their rights, which increases the need for organizations to get ahead of the issue. We help you answer requests by consumers to access, correct and delete their information in a timely way so you can build trust and confidence.

Transferring data across borders

With rising concern about moving information around the world, organizations need to be careful about data transfers. We help you pinpoint the right ways to transfer data across borders, which you can incorporate into your agreements.

Our approach

Our experts understand the fast-changing rules and expectations around privacy management. Through our subscription offering, you get access to on-demand operational support without having to build out your own privacy program or hire additional staff.

We support your privacy officer, who retains responsibility for making decisions, with guidance and recommendations to help you with your privacy office functions and meet and stay up to date on heightened rules and expectations. We’re also able to look across our customer base to proactively advise you on privacy issues you may want to address.

Explore the issues further

Get ready for mandatory breach notification

Effective November 1, 2018, companies subject to Canada’s privacy law will be required to record and report breaches of security safeguards. The new breach rules may require changes to your breach management and privacy practices.

Find out more

Are you ready for GDPR?

The EU General Data Protection Regulation (GDPR) takes effect on May 25, 2018, creating challenges—and opportunities—for every organization doing business in the European Union. GDPR may apply to Canadian businesses, since a business doesn’t need to have a physical presence in the European Union to be subject to GDPR.

Find out more

{{filterContent.facetedTitle}}

{{contentList.dataService.numberHits}} {{contentList.dataService.numberHits == 1 ? 'result' : 'results'}}
{{contentList.loadingText}}

Contact us

​Jordan Prokopy

Director, National Privacy Practice Leader, PwC Canada

Tel: +1 416 869 2384

Constantine Karbaliotis

Director, Leader Managed Privacy Services, PwC Canada

Tel: +1 416 869 2463

René W. Vergé

Director, Privacy & Cyber Security, PwC Canada

Tel: +1 514 205 5365

Follow PwC Canada