Ongoing efforts to support data protection and privacy by design
Deloitte is committed to developing innovative approaches that can support clients, and more broadly the marketplace, in their data protection processes to ensure the mitigation of business risks and the protection of individuals’ fundamental rights and freedoms.
Deloitte’s commitment is articulated both in the design of organizational models and technological solutions for data protection, and in the design of all technological solutions to support business processes.
With regard to data protection solutions, the following are of particular note:
- data mapping & discovery
- data quality & lineage
- data classification & protection
- data encryption & pseudonymization
- data loss prevention
- data anonymization & archiving
With regard to support for business transformation processes, with a view to data protection by design and by default, the main areas of intervention are as follows:
- processes of digital transformation and omnichannel
- ERP implementation processes
- implementation processes of AI solutions
- processes of transformation of human resources operating models
- processes for managing large amounts of data (big data)
- processes of adoption of innovative technologies (block chain, etc…)
In general Deloitte intervenes in the Advise phase, for the design of models and solutions; in the Implementation phase, for the implementation of technical and organizational measures; in the Operate phase, for the operational management and maintenance of the measures implemented.
Finally, Deloitte’s commitment in the area of personal data protection takes the form of providing services to support data protection officers, legal services, readiness and maintenance services to the applicable regulations.
Vision on the Future of Privacy
The protection of personal data, and therefore the protection of individuals, will be increasingly relevant in the future, with the exponential growth of data collected (IoT, Edge Computing, etc..), but also with the adoption of increasingly advanced and intelligent processing algorithms. The evolution of the technological context and of the risk landscape will determine a consequent evolution of the regulatory context, with the consequent need to adapt the organizational and operational models adopted by companies for the protection of personal data.
The main challenges that organizations will have to face in the coming years can be summarized as follows:
- adopt effective data protection processes by design and by default, for all initiatives involving the adoption of new technologies
- minimize the personal data that is stored in the company, both to mitigate business risks and to mitigate risks for individuals
- induce organizational behaviors of person in charge of data processing that are aware of the rules and rights at stake
- adopt adequate and effective technical and organizational security measures in increasingly complex risk scenarios.
- govern transborder data flows in the ecosystem of subjects that support the organization, subjects that are located in third countries, and that operate through cloud platforms
- monitor the adequateness and the operational effectiveness of controls, in an extremely complex operational environment, with a very extensive value chain, even outside the organization.