Data privacy, trust and governance strategy

Unlocking the value of data in a trusted, secure and privacy-protective way

In Canada, governments are proposing new privacy laws to give individuals more control over and transparency into how companies handle personal information.

With recent legislative initiatives like the Digital Charter Implementation Act, 2020 (Bill C-11), entitled the Consumer Privacy Protection Act (CPPA), and Quebec’s Bill 64, organizations are facing increasing challenges to getting value out of data responsibly and securely.

Other jurisdictions are looking to follow suit with their own new laws. With discussions about privacy taking centre stage amid the growing demand for data, people are more aware of their privacy rights than ever before.

The changing landscape means privacy and data protection are fundamental business issues, regardless of which jurisdiction an organization is in or where it does business. As concern about privacy becomes a global phenomenon, organizations are collecting and processing large amounts of personal information, including sensitive personal information, which means privacy, security and trust are becoming increasingly vital and intertwined.

How we can help

We can help you rise to the challenge of privacy management and build data trust by helping you develop, operate and maintain an effective privacy program through our business expertise, technology, tools and ongoing support. As a result, you can focus on your core business, improve your competitiveness, build customer trust and continue to drive the most value from your data.

Our services

  • Strategy and governance: Define an overarching privacy program governance structure, roles and responsibilities designed to coordinate, operate and maintain the program on an ongoing basis.
  • Policy management: Document privacy policies, notices, procedures and guidelines formally to make sure they’re consistent with applicable laws and regulations.
  • Cross-border data transfer: Determine go-forward cross-border data transfer strategy based on current and future planned data collection, use and sharing.
  • Data life cycle management: Create ongoing mechanisms to identify new personal data processing and use activities and implement appropriate checkpoints and controls.
  • Individual rights processing: Enable the effective processing of consent and data subject requests, such as data access, deletion and portability.
  • Privacy by design: Develop a strategy and playbook for privacy by design to incorporate privacy controls and impact assessments throughout the data life cycle for new and changing data use initiatives.
  • Information security: Identify existing security information protection controls and align security practices with regulatory considerations.
  • Incident management: Align incident response processes with regulatory specifications and reporting requirements. Establish a triage approach to evaluating potential privacy.
  • Data processor accountability: Establish privacy requirements for third parties to mitigate risks associated with access to the organization’s information assets. Inventory third parties where personal data is transferred.
  • Training and awareness: Define and implement a training and awareness strategy at the enterprise and role levels.

Our approach

Discover and analyze

Identify and classify relevant data, systems and processes, and assess organizational readiness for data strategy optimization.

Assess and recommend

Assess privacy control readiness within the in-scope data boundary against existing capabilities.

Strategize and plan

Mobilize cross-functional support and accountability for remediation and implementation.

Design and build

Implement privacy capabilities, mitigate identified gaps and establish sustainable privacy controls.

Operate and monitor

Establish ongoing compliance mechanisms to promote continued accountability.

Stay up to date

Sign up to receive PwC Canada risk and regulatory content.

Contact us

​Jordan  Prokopy

​Jordan Prokopy

National Data Trust & Privacy Practice Leader, PwC Canada

Tel: +1 416 869 2384

Kathleen Champagne

Kathleen Champagne

Managing Director, Cybersecurity & Privacy, PwC Canada

Tel: +1 416 815 5108

Jennifer Johnson

Jennifer Johnson

Strategy & Transformation Leader, PwC Canada

Tel: +1 416 947 8966

Naren Kalyanaraman

Naren Kalyanaraman

Partner, Cybersecurity, Privacy and Financial Crime National Leader, PwC Canada

Tel: +1 416 815 5306

Follow PwC Canada