GDPR basics: privacy program and governance model

This “how-to” GDPR video will offer a viewpoint on how to redesign and optimize your privacy team, program and governance.


View all episodes of the "KPMG Privacy" video series.



  • Welcome to the first “how-to” GDPR video in KPMG’s privacy video series
  • This video will offer a view point on how to meet the basic requirements of GDPR.
  • Multiple articles of GDPR, cite the need for an effective privacy program and governance model.
  • It is important to remember that privacy, risk, and legal teams define the “what” and security, business and compliance teams, define the “how.”


  • Lessons learned indicate that a centralized authority command and control privacy organization works best.
  • This can be achieve  through the following four steps:

1. Establishing and empowering a Chief Privacy Officer, working shoulder-to-shoulder with the business.

2. Active coordination with IT, European business units, and a Data Protection Officer.

3. Steering committees and privacy ambassadors to help facilitate awareness.

4. “Plain English” policies, controls, and standard operating procedures.


  • Another key lesson we’ve learned, is to emphasize privacy principles like Transparency or Purpose limitation that guide standards reinforced by policy.
  • Meaning: privacy standards (not policy!) are the key to effective privacy compliance and governance.
  • Ask yourself:  who is doing what with whom to accomplish what?
  • The accomplishment of “what” goes beyond GDPR readiness
  • It should be driven by a strategic game-changer for privacy, for example, Customer Trust Comes First
  • This involves a self-service, on-demand, business initiated, and privacy by design solution
  • All privacy compliance and governance should operate within this strategy.


  • We appreciate your time and attention.
  • Thanks for watching.
Ahead of the curve
Managing data in the wake of GDPR

Related content

Steven Stein

Steven Stein

Principal, Cyber Security, KPMG US

+1 312-665-3181
View more

Strategy and governance

Cyber security: it’s a business issue, not just an information technology issue.

Subscribe to KPMG Cyber Security services


Explore KPMG Cyber Security careers