Our approach to GAP Analysis under the Law on Personal Data Protection and the General Data Protection Regulation (GDPR)
Personal Data Protection is not just a matter of law. The Law on Personal Data Protection (the Law) and the General Data Protection Regulation (GDPR) require from managers and data controllers to implement certain organisational and technical measures to secure full compliance with the requirements of the new regulation.
PwC provides Clients with a wide range of personal data protection specialists. Our Specialist Team comprises attorneys-at-law, and risk management and data analysis specialists.
PwC’s GAP Analysis Tool (G.A.T.) is a tool developed by PwC intended for GDPR. The tool can also be applied to the Law to test if your organisation is ready to comply with the requirements of both the GDPR and the Law.
Our report provides insight into enterprise architecture compliance and its readiness to follow the principles of data protection.
We have experience with GDPR projects across numerous industries. Our experts provide in-house training to employees, build new solutions, and work side by side with experts within PwC’s Global Personal Data Protection Network.
We are proud to be part of PwC’s Global Personal Data Protection Network. Being part of our Global Network, we are able to gain experience, draw on our resources and share knowledge within the Network.
Considering that both the GDPR and the Law prescribe a unique approach to managers and data controllers, we are able to take advantage of our Global Network.
Understanding the key terms. Determining expectations and their synergistic effect. Training for employees participating in the Project.
Collecting relevant documents. Identifying responsible officers. Collecting relevant information on personal data processing performed within relevant organisational units.
GAP Analysis between the current approach and the requirements under the Law on Personal Data Protection and the GDPR. Evaluations and classifications of established differences, based upon their importance and complexity.
Planning for the fulfilment of the requirements of the Law on Personal Data Protection and the GDPR. Preliminary assessment of the steps for the removal of selected findings. Final report.
Data Management: Collect only essential data, which are to be used only for the purpose they were supplied to you and kept no longer than it is necessary.
Data Protection: Restrict access to data to only those with the right-of-use, take care of the data when travelling and use only company equipment or letterhead, and think twice before sending data and/or emails.
Transparency: Be transparent with colleagues, clients and others regarding how their personal data are collected, stored, shared and used.
Belgrade office, PwC Serbia
Tel: (+381) 11 3302 100