Demands are increasing. Is your organization ready?

The General Data Protection Regulation (GDPR), whose entry into force occurred in May 2018, is applicable to all organizations operating in the European Union.

What is the current context?

The main objective of the General Data Protection Regulation (GDPR) is to ensure respect for each individual’s fundamental right to act on his or her data.

This regulation implies significant changes in the approach to the management of personal data, and has significant penalties associated with events of non-compliance.

The role of the regulators (in Portugal, CNPD – Portuguese Data Protection Authority) changes substantially with the entry into force of this regulation, with them now focusing their efforts on supervisory actions, as opposed to activities of notification and prior approval, as has been the case until now.

Based on the timetable defined by the European Commission, companies should, ensure the necessary changes in their operations (legal, procedural and technological) to comply with the standards present in the GDPR.

PwC seeks to provide its customers with an integrated offer, which includes the regulatory and operating facet, to enable them to adapt their organizations to the GDPR.

Scheduling the GDPR

The penalties can amount to 20 million euros, or 4% of the total annual turnover. The GDPR applies to all economic sectors in the organizations that hold or use personal data of European citizens inside and outside the EU.

What solutions do we offer?

End-to-end analysis, supported by a global PwC framework, which begins with a comprehensive diagnosis of the legal, procedural and technological components and aims to design and implement a set of governance/ operational  tools for responding to GDPR requirements.


Conduction of a proof of concept project, to the model defined and implemented, which may include the simulation of actual events foreseen in the GDPR, thus identifying possible constraints and opportunities for improvement.

Specific training targeting the organization’s main speakers, to raise their awareness regarding the GDPR’s implications.

Operational support for DPO’s activities focused on the management of privacy implementation programs, PIA’s execution, analysis of GDPR support processes and other activities appropriate to the reality of your organization.


Gabriela Teixeira

Gabriela Teixeira

Partner, PwC Portugal

Tel: +351 213 599 314

Miguel Fernandes

Miguel Fernandes

Consulting Partner, PwC Portugal

Tel: +351 213 599 314

Follow us