Personal Data Protection

Our approach to GAP Analysis under the Law on Personal Data Protection and the General Data Protection Regulation (GDPR)

Why PwC?

A Multidisciplinary Team

Personal Data Protection is not just a matter of law. The Law on Personal Data Protection (the Law) and the General Data Protection Regulation (GDPR) require from managers and data controllers to implement certain organisational and technical measures to secure full compliance with the requirements of the new regulation.
PwC provides Clients with a wide range of personal data protection specialists. Our Specialist Team comprises attorneys-at-law, and risk management and data analysis specialists.


GDPR and Data Analysis Tools

GDPR and Data Analysis Tools

PwC’s GAP Analysis Tool (G.A.T.) is a tool developed by PwC intended for GDPR. The tool can also be applied to the Law to test if your organisation is ready to comply with the requirements of both the GDPR and the Law.

Our report provides insight into  enterprise architecture compliance  and its readiness to follow the principles of data protection.


Our experience in GDPR projects

We have experience with GDPR projects across numerous industries. Our experts provide in-house training to employees, build new solutions, and work side by side with experts within PwC’s Global Personal Data Protection Network.


PwC Global Personal Data Protection Network

PwC Global Personal Data Protection Network

We are proud to be part of PwC’s Global Personal Data Protection Network. Being part of our Global Network, we are able to gain experience, draw on our resources and share knowledge within the Network.

Considering that both the GDPR and the Law prescribe a unique approach to managers and data controllers, we are able to take advantage of our Global Network.


A Multidisciplinary Team

Project Phases

Mobilisation and Team Training

Understanding the key terms. Determining expectations and their synergistic effect. Training for employees participating in the Project.

Specifying the Scope of the Law and the GDPR

Collecting relevant documents. Identifying responsible officers. Collecting relevant information on personal data processing performed within relevant organisational units.

GAP Analysis

GAP Analysis between the current approach and the requirements under the Law on Personal Data Protection and the GDPR. Evaluations and classifications of established differences, based upon their importance and complexity.

Draft Measures

Planning for the fulfilment of the requirements of the Law on Personal Data Protection and the GDPR. Preliminary assessment of the steps for the removal of selected findings. Final report.

Key factors that lead to a successful project

Operating assumptions

  • The company is required to:
  1. Provide premises for operations meetings,
  2. File relevant data and project documentation,
  3. Arrange for the attendance of project participants at scheduled meetings, as well as for their submission of required documentation within a maximum of 3 working days (except in the event of specific and unexpected situations).
  • All formal project communication will be between the Project Manager and PwC.
  • Project deliverables will be documented through the use of MS Tools (MS Word, MS Excel i MS PowerPoint), unless otherwise agreed for specific deliverables.


Key success factors

  • Thorough understanding of the scope, purpose and objective of analysing the current compliance status with the GDPR and the Law for all key participants in the Project,
  • Availability of resources and relevant documents,
  • Open communication on activities and processes,
  • Constructive communication on areas for improvement.




Data Management: Collect only essential data, which are to be used only for the purpose they were supplied to you and kept no longer than it is necessary. 


Data Protection: Restrict access to data to only those with the right-of-use, take care of the data when travelling and use only company equipment or letterhead, and think twice before sending data and/or emails.


Transparency: Be transparent with colleagues, clients and others regarding how their personal data are collected, stored, shared and used.


Contact us


Belgrade office, PwC Serbia

Tel: (+381) 11 3302 100

Follow us