On 25 May 2018, the GDPR has come into force, revolutionising the way that personal data are used and handled. Controllers and processors of personal data in Mauritius now need to comply or face penalties. PwC can help.
Nevertheless, the GDPR also represents an opportunity to:
• Transform your approach to privacy,
• Harness the value of your data, and
• Ensure your organisation is fit for the digital economy.
This means getting ready now. Not all organisations will be compliant by May 2018, but GDPR regulators will need to see by then that robust plans are in place.
Personal data protection also plays a pivotal role in Mauritius' digital economy. To meet the evolving needs the Data Protection Act 2017, aimed to strengthen the control and personal autonomy of data subjects over their personal data. It also seeks to bring Mauritius data protection framework into line with international standards, namely GDPR.
Stewart Room, Joint Global Head of Data Protection and Global Legal Services leader, PwC UK, discusses the General Data Protection Regulation (GDPR) and its impacts for both entities and citizens | Duration 1:48
GDPR’s scope and requirements are deep and complex, so prepare for it now to help ensure compliance. The regulation requires a programmatic approach to data protection - so you’ll need a defensible program for compliance and to prove you’re acting appropriately. Ask your organisation these questions:
Your organisation may be just getting started - or may already have a GDPR programme in place. We believe that the major steps on the way to compliance are as follows: Assess - Design - Transform/Implement - Operate.
PwC has developed a 5-phase transformation approach to support you through the compliance process. Wherever you are on your journey, our Data Protection Team can help you meet the requirements of GDPR, by tailoring industry-specific solutions for your organisation.
You should determine what existing practices need to be changed or what new processes you’ll need to achieve GDPR compliance. Depending on the scope of your business with EU residents, that may include establishing clear (and documented) accountability for compliance, reviewing the context for lawful processing and third-party contracts, and developing policies and protocols to execute on any data deletion request. It also means regularly reviewing your processes to ensure you’re staying compliant.
Tools like PwC’s GDPR Readiness Assessment Tool can provide a top-down assessment to help prioritize your efforts and identify areas which require utmost attention.
Jean-Pierre Young, ACA, CIA
Advisory Leader, PwC Mauritius
Tel: +230 404 5028
Partner, Cybersecurity & Privacy, PwC Mauritius
Tel: +230 404 5015