EY's data privacy service offering

Transcription:

EY's data privacy service offering

How to transform your data privacy capabilities for an EU General Data Protection Regulation (GDPR) world

Introduction

Data privacy encompasses the rights and obligations of individuals and organizations with respect to the collection, use, disclosure, and retention of personal information. Changing regulatory requirements, including GDPR, are combining with rising customer expectations to create growing challenges around data privacy. But companies that take a compliance-centric approach to data privacy are missing out on an opportunity to gain competitive edge. EY's data privacy service offering helps clients blend data privacy with transparency, equipping them to win customers' trust and loyalty in a GDPR world.

GDPR timeline

- January 2012: European Commission (EC) proposed GDPR
- March 2014: EU Parliament adopted compromise text
- December 2015: GDPR agreed
- 14 April 2016: GDPR formally adopted by EU member states
- Transition period of two years
- 25 May 2018: GDPR takes full effect

Transforming and integrating your approach to data privacy

Many companies today are fully aware of and focused on the need to comply with data privacy regulations, including GDPR, but many find it difficult to integrate all their data privacy-related activities into their everyday organizational processes. EY has the answer: our data privacy transformation approach, in which we integrate all our data privacy-related services into a single offering. Using our proprietary five-stage approach, we help clients embed all activities related to data privacy into their operational business as usual.

Five-stage transformational approach

1. Understand
2. Assess
3. Define
4. Recommend
5. Run

This approach not only drives GDPR compliance, but also increases the data maturity of the business as a whole, helping clients to extend their data usage capabilities, and boost the effectiveness of their data analytics and dashboarding.

EY's data privacy capabilities include:

- Privacy strategy and governance
- Privacy design and implementation
- Privacy impact assessment
- Data flow mapping
- Managed services
- Privacy program and data management
- Privacy and data analytics, including anonymization and pseudonymization
- Maturity assessment
- Gap assessment
- Data breach notification and incident management
- Third-party and vendor management
- Training and awareness

Getting to grips with the impacts and implications of data privacy

The fact that data privacy regulations in general, and GDPR in particular, have broad impacts across the organization can make it hard to pinpoint their specific effects. It can also be difficult to look beyond the regulatory and technological issues to grasp the competitive opportunities that privacy presents. An EY GDPR awareness workshop helps clients understand why privacy is much more than just a compliance or security issue. Some of the key elements are summarized below. After the workshop, your business will really understand how you're impacted by GDPR and be well equipped to navigate today's complex privacy landscape.

EY's GDPR awareness workshop includes:

- An overview of the changing regulatory landscape
- An interactive three-hour session examining privacy from multiple perspectives
- An exploration of the links between privacy and business initiatives
- Sharing and discussion of leading practices and lessons learned with EY's privacy professionals

Assessing GDPR's impacts and gaining the insights needed to address them

To plan out your responses to GDPR, you must first identify the gaps between where you are today in terms of data privacy and where you need to get to in the future. You also need to conduct a Privacy Impact Assessment (PIA) and map out the flows of data across your operations. All of these elements are part of EY's GDPR assessment and roadmap offering. Often combined with the GDPR awareness workshop, this approach starts with our privacy team executing our proven GDPR assessment to pinpoint the gaps between the current and desired state. This provides input for our team to develop your practical and tailored roadmap to GDPR compliance, including clearly stated goals and purpose.

Our GDPR assessment includes:

- A detailed review of key data privacy-related themes, such as current data processing roles, responsibilities, data leakage procedures, data flows and data usage
- Comparison of the results with both common market practices and legal obligations
- Examination of the impact on current operations of new topics, such as the right to be forgotten and explicit consent

PIA

A high-quality PIA process throughout the organization is imperative for ensuring compliance with GDPR. An EY PIA encompassing the full privacy life cycle shown below will help you embed data privacy and data protection into the design of all your processes and applications that process personal data. We can support you in the design and execution of PIAs using our established GDPR toolset, and supplement this with training to raise data privacy awareness and compliance across the organization.

[Figure: Privacy life cycle. Stages shown: appropriate collection of data; relevant use of data; managed disclosure; appropriate retention and disposal; review of privacy expectations.]

Data flow mapping

Mapping data flows is vital for identifying your organization's data privacy requirements and implementing data protection processes that comply with relevant regulations, including GDPR. However, all too often, businesses undertake data flow mapping with an IT mindset, meaning it produces outputs that quickly become outdated and are too detailed for use in the business. This is because an IT-orientated data flow mapping tends to focus on specific technical fields rather than the types of data used by business processes. In contrast, an EY data flow mapping delivers business-driven results at high pace, by focusing on the business-relevant aspects of data and applying leading-edge data discovery tools and strong data governance.

Business opportunities arising from GDPR: Identity and Access Management (IAM) and analytics

GDPR compliance programs often enable an optimization of existing IT environments, in order to ensure privacy across the whole IT domain. Two high-potential areas are implementing robust IAM, and anonymizing and pseudonymizing data to enable analytics.

In terms of IAM, effective data privacy involves ensuring that any data available within the organization can be accessed only by those people authorized to do so. This requires tight linkage between specific roles and access levels, and the business processes that these roles participate in. EY offers an integrated suite of IAM services that support clients to manage system access continuously and efficiently, while also reducing risks to the confidentiality, integrity and availability of business-critical data.

Also, while GDPR restricts how organizations use personal data, it also allows for that data to be anonymized and pseudonymized for analysis. EY can help you apply these concepts to maximize the intelligence from data analytics, while supporting GDPR compliance. By analyzing each step in the data process, we can identify whether anonymization or pseudonymization should be used. And, using the latest flexible data analysis tools, we can combine existing and new data to create new identification opportunities, generating the greatest possible value from analytics without compromising on compliance.

Contact us

To find out more about any of our privacy-related services and how EY can help you use GDPR as a catalyst for change, beyond compliance, please contact:

Erol Mustafa
EMEIA Financial Services IT Risk & Assurance Leader
Telephone: +44 20 7951 0700
Mobile: +44 7979 923 611
Email: emustafa@uk.ey.com

Philippe Zimmermann
EMEIA Financial Services Legal Leader
Telephone: +41 58 286 3219
Mobile: +41 79 341 4571
Email: philippe.zimmermann@ch.ey.com

Tony De Bos
EMEIA Financial Services Data Protection & Privacy Leader
Telephone: +31 88 407 2079
Mobile: +31 62908 4182
Email: tony.de.bos@nl.ey.com

Konrad Meier
EMEIA Financial Services Data Privacy Professional
Telephone: +41 58 286 4327
Mobile: +41 79 227 2367
Email: konrad.meier@ch.ey.com


EY | Assurance | Tax | Transactions | Advisory

About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.

© 2017 EYGM Limited. All Rights Reserved.

EYG No. 06196-174Gbl
EY-000044638.indd (UK) 10/17. Artwork by Creative Services Group London.
ED None

In line with EY's commitment to minimize its impact on the environment, this document has been printed on paper with a high recycled content.

This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax or other professional advice. Please refer to your advisors for specific advice.

ey.com