GDPR basics: business process prioritization

This “how-to” GDPR video will focus on how to prioritize the implementation of your privacy program.



View all episodes of the "KPMG Privacy" video series.




  • Welcome to the second “how-to” GDPR video in KPMG’s privacy video series dedicated to discussing GDPR program basics.
  • This video will focus on how to prioritize the implementation of your privacy program.
  • Most privacy functions have limited resources with which to undertake tasks.
  • It is important to balance establishing broad privacy coverage while addressing high risk areas.


  • Privacy coverage involves spanning multiple types of personal data. (this may include customer, employee, vendor)
  • It also means involving affiliates and business units of various size, locations, maturity levels
  • Addressing high risk areas requires spotlighting those business processes that process significant amounts of personal and/or sensitive personal data, along with innovative – new technology (for example Internet of Things) or  secondary approaches to personal data processing.
  • Ask yourself: what are the top business processes spanning different business areas that present a higher risk to individual’s privacy? 


  • As you engage with different business units across the organization it’s important to take the opportunity to educate stakeholders and management the on privacy fundamentals underlining these activities.
  • Next, we will move into three videos addressing personal data under GDPR.
  • We appreciate your time and attention.
  • Thanks for watching.
Ahead of the curve
Managing data in the wake of GDPR

Related content

Steven Stein

Steven Stein

Principal, Cyber Security, KPMG US

+1 312-665-3181
View more

Strategy and governance

Cyber security: it’s a business issue, not just an information technology issue.

Subscribe to KPMG Cyber Security services


Explore KPMG Cyber Security careers