GDPR: The business value of effective privacy governance

The KPMG privacy video series is designed to help your organization think through the priorities of GDPR and align your privacy compliance efforts without disrupting business.







  • Welcome and thank you for watching KPMG’s GDPR privacy video series.
  • This video is the last of two focused on how to realize value from your GDPR program.
  • For many organizations, GDPR has devolved to a check-the-box exercise, but they should see beyond compliance.
  • To realize value, think ahead and work to empower business and IT leads to support privacy compliance and risk management in real time.
  • One option is to develop a self-service, on-demand, business-initiated, and solutions-focused privacy assessment capability.
  • This means creating DPIA questionnaires, prioritizing business processes, engaging business and IT leads, and determining privacy risk triggers that require a DPIA.
  • The business and/or IT lead would then initiate a DPIA and receive real-time residual risk results and privacy by design solutions as a result of the effort.
  • This saves time and harmonizes privacy by design solutions across the organization.
  • The use of an eGRC tool can facilitate this approach.
  • The bottom line: privacy compliance can result in real business value by lowering the cost of control, lowering the cost of compliance, and increasing the trust and confidence that customers, vendors, and management have related to the protection of data.



  • We've covered a number of important topics throughout this series. Here’s a reminder of four key areas for your GDPR program:
  1. Involve your executives and stakeholders through developing a tailored privacy governance model.
  2. Manage changes that impact privacy rights through the implementation of a right-sized DPIA process.
  3. Map and maintain a register of personal data flows both entering and leaving Europe.
  4. Be prepared to respond to data subject requests to exercise their data rights.
  • Remember, GDPR is a journey and not a destination, and a new untraveled journey for all - from Data Subjects, Controllers, Processors and Supervisory Authorities.
  • At the end of the day – have a risk-based, actionable and supported plan to become GDPR compliant!
  • Finally, thank you for joining us throughout this 10-part video series.
  • Thanks for watching.
Steven Stein


Principal, Cyber Security Services, KPMG US

+1 312-665-3181