Data Privacy

Data privacy solutions

Personal data protection is challenging for organizations of all sizes, industries, and territories. It does not only mean compliance with the various requirements of General Data Protection Regulation (GDPR), but also managing personal data in such a way that is both efficient and safe. This is how we look at compliance with GDPR and when preparing our data privacy solutions: to find the most efficient approach to compliance. How do we do it? Read on.


Playback of this video is not currently available

PwC developed an efficient tool for management of your personal data inventory, without expensive software to be implemented and licensing fees to be paid. | Duration 2:00 

Key issues

GDPR personal data inventory tool

We think that understanding where and how you process your personal data at all times - an efficient and simple personal data management solution - is the key to continued compliance. The essential step is to maintain a clear inventory of personal data processing in the organization. This means evidence of clearly defined purposes of processing, legal basis, IT systems involved, etc., for all types of personal data processed.

Our automated solution: the automated personal data inventory tool maintains a detailed database of all personal data processing, with a simple user interface and low cost. By performing data mapping ourselves, or using your existing Art. 30 reports, we tailor our automated personal data inventory tool for you, including:

  • Centralized storage of the database with customized user access rights

  • Easy updating of data

  • Avoiding new complex software implementation – our solution is based on Office 365, with no additional licensing fees

Watch our product video on the top of the page, and we will be happy to show you a demonstration.


Business Intelligence (BI) is a process of analyzing large volumes of data to enhance business performance by providing end users such as corporate executives and business managers to take more informed business decisions.

The business intelligence market is likely to grow reasonably in the forecasting period due to increasing adoption of cloud, growth of advanced analytics, adoption of data-driven decision making, and emergence of IoT enabled technologies.

Modern business intelligence and analytics market is expected to grow 19% by 2020, a Gartner study said.

see more

Automated DPIA tool

Are you sure that you have sufficiently covered all the risks of personal data processing in your organization?

GDPR comes with a requirement to analyse the risks of personal data processing in a specific way: to perform data privacy impact assessments in line with GDPR Art. 35. Every data controller must first assess which of their existing or planned personal data processing operations require such an assessment, and then perform the assessment in accordance with requirements of Art. 35.

We will provide you with an easy-to-use DPIA methodology with automated steps, including an assessment of whether DPIA is required (based on WP29 and national regulator criteria). The added value for you is that it saves your time when performing and documenting a DPIA assessment. We can provide you with our template automated tool, train you in performing the assessment, or perform the assessment for you, so that you can sleep soundly knowing your risks are covered, and you can clearly demonstrate compliance to the regulator.

see more

Monitoring GDPR compliance

How do you tangibly assess GDPR compliance status so you can sleep soundly? Are there any areas for quick-fixes, or are there any serious gaps which could leave you exposed to penalties?

Instead of spending on developing a new methodology (e.g. by your internal audit), we can provide a ready-made work program, which can be tailored to your needs. This will enable you to identify potential risk areas, and transparently demonstrate compliance to the regulator.

PwC has developed an automated tool which can be applied by the DPO or internal audit to assess the status of GDPR compliance and identify remaining risks.

It includes checklist-style items and automated documentation steps with automatically evaluated responses. Content can be tailored to address your company policies, processes, etc.


see more

Data erasure rules

The obligation to only keep personal data for the minimum necessary period of time, and subsequently to erase it is applicable to all companies. How long should companies keep personal data? When does the retention period start for particular types of data? And is it even technically feasible to physically erase the data? Data controllers face a challenging task to address these practical issues, and erase data in accordance with GDPR requirements.

Based on our experience in personal data mapping and building on our personal data inventory solution, our team can help you to :

  • Identify legislative requirements for retention periods of personal data types in various geographies

  • Recommend retention periods for types of personal data where no archiving requirement exists

  • Prioritize IT systems for data erasure

  • Prepare data erasure rules for individual IT systems and for individual types of personal data

Data erasure rules are a set of clear rules stating at what point in time should each type of data be erased in an IT system.


see more

Audit of data processors

In accordance with GDPR, the responsibility for compliance lies with the data controller. This does not apply only in terms of possible penalties, but the data controller is also liable in the eyes of the public – as the controller is the publicly visible entity. How can you obtain reliable information about whether data processing by the processor is carried out in line with security measures, and whether data breaches have been prevented? 

An audit of the security measures implemented by the data processor performed by an independent party will ensure an objective assessment of the data processor.

  • We provide a standardized methodology for the performance of audit of personal data processors, which will save your time in the performance and documentation.

  • We also perform audit of selected data processors, and can train your staff in performance of audits

  • The outcome of each data processor audit is audit documentation and a findings report.

see more

How can PwC help your organization manage personal data processing?

At the end of the day, the aim of GDPR is to ensure organizations only process personal data for clearly defined purposes, in the minimum necessary extent, and for the minimum required period of time. We have helped many organizations with first adoption of GDPR requirements, implementation of related processes and drafting of appropriate documentation. We always keep in mind the context of each organization and its specific needs, so we can design solutions which make sense. 

In addition to the tools above, we support practical data privacy solutions by networking with Data Protection Officers in Slovakia:

1. DPO Forum

The aim of the platform is to bring together experts, advisors and data protection officers who often deal with similar issues, or are interested in sharing their experience and best practices in meeting requirements of personal data protection. Should you be interested in participating in the platform meetings, please contact us.

2. Newsletter on current issues of personal data protection

We prepare a regular newsletter containing the latest news and interesting facts regarding personal data protection. The topics include: new legislation and regulations, information on breaches and incidents, and other interesting issues. Sign up for a free subscription via the following link.


Contact us

Štefan Čupil

Štefan Čupil

Director, PwC Slovakia

Tel: +421 259 350 599

Marek Frecer

Marek Frecer

Senior manažér, PwC Slovakia

Tel: +421 915 998 429

Follow us