Data privacy, trust and governance strategy

Unlocking the value of data in a trusted, secure and privacy-protective way

Companies are using the power of data to reimagine how they engage customers, manage supply chains, improve health outcomes, reduce emissions and solve other complex business and societal problems. And the opportunities borne by the sheer volume of data are only multiplying.

But organizations’ ability to convert data into value is hindered by a trust divide. Wary customers expect stronger data privacy and security safeguards. And governments are responding with strict regulations backed by significant fines.

Using data responsibly, securely and ethically is a business imperative for the next decade and beyond. We’re seeing the emergence of a new social contract between business, government and citizens that elevates the importance of data trust. The companies that take charge of their data—discovering, protecting, governing and disposing of it in the data lifecycle—with privacy considerations in mind will have the greatest opportunities to innovate, improve customer experiences, drive strategic objectives and improve social outcomes.

The business challenges we’re solving for today

In today’s world, companies face multiple data challenges:

81% of executives agree that as the business value of data grows, the risks companies face from improper handling of data grow exponentially¹

Explosion of data

More data was generated in the past two years than in all previous years combined. Harnessing the immense potential of data can help your organization drive innovation, grow revenues and solve complex problems.

Heightened risk landscape

As the business value of data grows, the risk organizations face from improper handling of data grows exponentially. 

Privacy-embedded digital transformation

Siloed legacy programs provide minimal data trust and privacy considerations to adequately govern, discover, protect and minimize the data organizations hold. 

Lack of citizen and consumer confidence

Trust in companies to use data responsibly is falling, not rising. And customers expect more. We’re at a critical juncture in Canada’s data economy with an abundance of opportunity, but a lack of consumer trust. 

New privacy regulations

Privacy regulations are constantly emerging in Canada and around the world. The more data is used, the more organizations are susceptible to data-driven public policy risk. Global and Canadian policy trends require organizations to understand and forecast the impacts. 

Quebec Law 25: With similar provisions as the EU’s General Data Protection Regulation(known commonly by its acronym, GDPR), Law 25 (previously Bill 64) passed in September 2021 and applies to Quebec’s provincially-regulated organizations. Articles had 12, 24, and 36-month grace periods from the date of royal assent and will come into effect ahead of or concurrent with anticipated federal privacy updates. 

Bill C-27 (Digital Charter Implementation Act): Replacing Section 1 of the Personal Information Protection and Electronic Documents Act (known commonly as PIPEDA), as well as introducing a governing tribunal and new requirements regarding AI  Bill C-27 promotes increased protections for privacy and responsible development and deployment of AI. The bill includes a maximum fine of 5% of global revenue for serious contraventions of the law—among the highest in the world. It would also create a new data and information commissioner position and increase the powers of Canada’s privacy commissioner.

Organization-level challenges

The data trust journey affects an entire organization. Siloed, piecemeal approaches are untenable. Cross-functional support and business engagement are vital.

How we can help

Improving customer experiences and building trust in data can help your organization unlock data value and become future-ready. Now is the time to build a data ecosystem for creating, sharing and retiring data securely and transparently. 

Our team of privacy and cybersecurity strategists, experts and data engineers bring decades of experience and leading data protection capabilities to help you responsibly manage your data trust lifecycle and tackle privacy compliance challenges.

86% of executives believe their competitive standing depends on their ability to extract value from data²

The business benefit

Establishing a secure process lets you collect and responsibly use data—helping you unlock the value of data while avoiding security breaches that could trigger fines and brand damage.

Improve customer trust

Letting customers and other stakeholders know how you’re protecting their information helps strengthen your organization’s most critical relationships.


Future-proof your business

A strategic, privacy-first data trust approach can help position your business to comply with the growing number of privacy regulations around the world.

Navigate data challenges and risks

Organizations face a heightened data risk landscape. A breach or finding of non-compliance can harm your reputation, disrupt your operations and result in lost revenues and regulatory sanctions. A formalized data trust approach helps mitigate those risks, giving your organization the confidence to process data in ways that create value. 

Unlock data value

Using data securely and effectively can help companies generate new products and services, improve employee productivity and make business operations run smarter and faster.

Data trust

At PwC Canada, we help organizations take an integrated approach to data trust in four key areas: data governance, data discovery, data protection and data minimization.

< Back

< Back
[+] Read More


Our suite of privacy services help organizations transform their business so they can responsibly and transparently use data to drive value and achieve their business objectives. 

Our services

Developing capabilities and mastering the following ten privacy domains is key to operating a successful privacy program. 

  • Strategy and governance: Define an overarching privacy program governance structure, and the roles and responsibilities to coordinate, operate and maintain the program on an ongoing basis. 
  • Policy management: Formally document policies, notices, procedures and guidelines to ensure they’re consistent with applicable laws and regulations and consistently applied.
  • Cross-border data transfer: Determine a go-forward cross-border data transfer strategy based on current and future planned data collection, use and sharing. 
  • Data lifecycle management: Create ongoing mechanisms to identify new personal data processing and use activities and implement appropriate checkpoints and controls. 
  • Individual rights processing: Enable the effective processing of consent and data subject requests, such as data access deletion and portability. 


  • Privacy by design: Develop a strategy and playbook for privacy by design to incorporate privacy controls and impact assessments throughout the data lifecycle for new and changing data use initiatives. 
  • Information security: Identify existing security information protection controls and align security practices with regulatory considerations. 
  • Incident management: Align incident response processes with regulatory specifications and reporting requirements. Establish a triage approach to evaluating potential privacy risks. 
  • Data processor accountability: Establish privacy requirements for third parties to mitigate risks associated with access to the organization’s information assets. Inventory the third parties to whom personal data is transferred. 
  • Training and awareness: Define and implement a training and awareness strategy at the enterprise and role levels.

Our approach

PwC Canada’s data trust and privacy transformation approach provides an end-to-end program to help align your business risks with your business goals. This lets your team understand the impact of privacy so they can build trust and cultivate growth opportunities.

Discover and analyze

Identify and classify relevant data, systems and processes, and assess organizational readiness for data strategy optimization.

Assess and recommend

Assess data trust and privacy program readiness within the in-scope data boundary against existing capabilities.

Strategize and plan

Mobilize cross-functional support and accountability for the ongoing data trust and privacy program.

Design and build

Implement data trust and privacy capabilities, mitigate identified gaps and establish a sustainable ongoing program.

Operate and monitor

Establish an ongoing data trust and privacy program to promote continued accountability.

PwC's Data Trust Lab

Our Data Trust Lab is an enabler for unlocking data value responsibly, securely and ethically. It contains a catalogue of data trust use cases, a set of popular data trust vendor sandboxes and lessons learned throughout use case development. 

Use cases contained in the Data Trust Lab are applicable in various stages during an organization’s data journey. They include data mapping, inventory and PIA/DPIA automation, AI-powered data discovery, privacy dashboarding and visualization, business and technical lineage and data shopping. 

To help businesses navigate the myriad of challenges presented by the data economy, we’ve also identified the most sought-after privacy technology providers to overcome the technical and operational complexities of regulatory compliance. These vendor tools demonstrate and integrate the enabling and accelerating functionalities of the Data Trust Lab. 

Contact us

​Jordan  Prokopy

​Jordan Prokopy

National Data Trust & Privacy Practice Leader, PwC Canada

Tel: +1 416 869 2384

Alvin Madar

Alvin Madar

Partner, Cybersecurity, Privacy and Financial Crime and National Cybersecurity Leader, PwC Canada

Tel: +1 604 806 7603

Naren Kalyanaraman

Naren Kalyanaraman

Partner, Cybersecurity, Privacy and Financial Crime National Leader, PwC Canada

Tel: +1 416 815 5306

Kathleen Champagne

Kathleen Champagne

Managing Director, Cybersecurity & Privacy, PwC Canada

Tel: +1 416 815 5108

Follow PwC Canada