Navigating data privacy regulations

New data privacy and protection legislations, both globally and within the region, are driving consumer demands around trustworthy and transparent use of personal data. Privacy regulations protect the rights of the individual (the data subject) with respect to fair and lawful collection and use of their personal information by organisations. Non compliance can result in fines and reputational damage.

Start adding items to your reading lists:
or
Save this item to:
This item has been saved to your reading list.

Data privacy is far more than just the security and protection of personal data. It all boils down to how organisations are using that personal data. Organisations need to process personal data in an ethical and legal manner. That could mean not bombarding customers with unwanted SMS marketing messages but it could also mean simply not sharing personal information with third parties without the customer’s consent. It doesn’t mean that marketing is now forbidden under data privacy laws but it does mean that organisations need to be transparent about what personal data they are capturing and how it’s going to be used. Many organisations recognise the significant risks of cyber attacks and data breaches but fail to understand what else is required to safeguard what is referred to as the “rights and freedoms of individuals”.

Assess your data privacy maturity

Why is data privacy important?

Companies that fail to protect personal data and comply with data privacy regulations aren’t just risking financial penalties. They also risk operational inefficiencies,  intervention by regulators and most importantly, permanent loss of consumer trust.

Ten steps to an effective data privacy programme

1. Appoint a Data Protection Officer

2. Maintain a personal data register

3. Notify purpose and seek consent

4. Respond when individuals ask about their personal data

5. Enforce security mechanisms

6. Embed data privacy into your systems, processes and services

How we can help

We start by helping put the data protection requirements in the context of the business. We have developed a five step approach to transforming privacy programmes, with tools and accelerators to assist the process.

Risk analysis and data discovery

What you will get

  • Stakeholder engagement and communications plan
  • Personal data inventory
  • Data flow maps showing the movement of personal data from collection through to disposal

Gap assessment

What you will get

  • Control gap analysis
  • Risk assessment based on current and planned future uses of personal data

Target operating model and programme design

What you will get

  • Detailed remediation project plan with identified organisational impact
  • Cross-functional working group established

Programme implementation

Areas of focus

  • Strategy and governance
  • Policy management
  • Cross-border data strategy
  • Data life-cycle management
  • Individual rights processing
  • Privacy by design
  • Information security
  • Privacy incident management
  • Data processor accountability
  • Training and awareness

Ongoing operations and monitoring

What you will get

  • Defined ongoing monitoring programme
  • Tracking and retesting of non-compliance
  • Protocols for changes to policies and procedures

Contact the team

Speak to our local multidisciplinary team of data privacy experts to determine the best approach to managing data privacy in your organisation.

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Contact us

Matthew White

Matthew White

Partner, Digital Trust Leader, PwC Middle East

Tel: +971 (0) 56 113 4205

Phil Mennie

Phil Mennie

Partner, Digital Trust, PwC Middle East

Tel: +971 (0) 56 369 7736

Nakul Srivastava

Nakul Srivastava

Director, Digital Trust, PwC Middle East

Tel: +971 56 409 2718

Richard Chudzynski

Richard Chudzynski

Legal Data Privacy and Protection Leader, PwC Legal Middle East

Tel: +971 (0) 56 417 6591

Follow us