Data protection and privacy

Global data protection and privacy laws like the EU General Data Protection Regulation (GDPR) are tightening their compliance requirements and sanctions

Your organisation must comply, or risk significant reputational and financial damage. Is your data adequately protected? Can you demonstrate your compliance?

Your challenges

The increase in global data protection and privacy regulations and the awareness of the public and the media on data exchange and data ownership are creating new challenges and opportunities that will impact your business.

In today’s world, your data are your key assets. New business models are built on data and data science. To protect your assets and your investment, your data needs to be appropriately managed, valued and secured.

New regulatory requirements confirm this importance, whether for personal or non-personal data. The misuse or mismanagement of data can strongly influence the perception of your organisation in the market. Conversely, your organisation can also gain competitive advantage and customer trust through data protection by design and by default principles, privacy-enhancing technologies and due accountability measures.

Our PwC Legal team will help you proactively with data protection and data regulation to build trust, achieve legal certainty and avoid financial and reputational risk. Through our multidisciplinary approach we can be your trusted legal partner in your data regulation compliance journey or digital transformation strategy, working alongside cyber, risk, HR, Tax and other expert teams.


How we can help

Data protection and privacy

We provide legal advice and assistance concerning the processing of personal data under Belgian and EU law including:

  • Strategic legal advice on the possibilities and opportunities to leverage on data and your digital assets, as well as to build and implement data-centric business models in compliance with applicable data regulation;
  • Detailed and practical legal advice regarding your legal obligations as a data controller, data processor or other role within the data processing value chain;
  • Data protection priority scans or GDPR Readiness  Assessments to analyse your as-is situation by mapping key  data flows, identify key data protection issues and risks and  propose practical solutions;
  • The design & implementation of an adequate data  protection organisation from strategy to execution, based  on a global data protection & privacy programme,  with roadmap, taking into account your business-specific  requirements and ways of working;
  • Determining the best approach for your organisation to  transfer personal data abroad and assisting you with the  applicable procedures and formalities;
  • Reviewing or drafting your vendor and other business  contracts from a privacy and data protection perspective to  ensure they include the appropriate data processing clauses;
  • Advice on privacy and data protection challenges in an HR context including cybersurveillance on the workfloor;
  • Support with security cameras’ and video surveillance (notification) requirements;
  • Assistance with the preparation of and/or  presence/representation at meetings with your business  relations as well as with (data protection) authorities in the  context of consultations, investigations or other enforcement actions; Dispute resolution or litigation support;
  • Project management and/or stakeholder engagement  and information support (board workshops; training &  awareness, …);
  • Providing flexible and to-the-point support to the  data protection team eg. by performing data protection  impact assessments (DPIA), prepare data processing records,  drafting data protection contracts, policies or procedures;
  • Providing support to the Data Protection Officer  (DPO) in reviewing compliance, handling data subject (access) requests or enforcement actions, providing advice on highly  technical issues, ...;
  • The  set-up/roll-out  incident  response procedures   for data  breach notification  requirements taking the client’s organisation’s and the concerned individuals best interest  at heart, as well as guiding the client through an incident, should it occur.

Our GDPR toolkit

We provide practical and pragmatic advice, a.o. through our GDPR Toolkit which we can of course tailor to your specific organization and activities

  • GDPR training and awareness (board) workshops
  • GDPR crash courses
  • GDPR priority scans and readiness assessments
  • GDPR implementation roadmap with step-by-step actions and recommendations
  • GDPR mapping of data processing activities
  • GDPR register of processing activities and other accountability instruments
  • GDPR data protection impact assessments
  • GDPR DPO support
  • GDPR Template Answers to Data Subject Requests
  • GDPR Data Breach (Notification) Process
  • GDPR Data Processing, Data Sharing or Data Transfer Agreements
  • GDPR Joint-Controller Arrangements
  • GDPR Notices to Data Subjects
  • GDPR HR Policies e.g. on data retention and data classification
  • and much more !

Contact us

Karin Winters

Karin Winters

Lawyer - Partner, PwC Legal BV/SRL

Tel: +32 476 60 26 94

Loïc Delanghe

Loïc Delanghe

Lawyer - Senior Managing Associate, PwC Legal BV/SRL

Tel: +32 493 53 96 13

Follow us