Search
Contact
Symbolbild zu Data Compliance Management: Frau tippt auf Tablet
15.02.2024 | KPMG Law Insights

Data compliance management: How to implement it in practice

Part 3 of the article series “Professional tips for data compliance management”

 

The third part of this series of articles deals with data compliance management. Once a company has created a solid foundation in data categorization and developed an understanding of the data lifecycle, the question arises: How can practical implementation succeed?

Strategic orientation of data compliance management

To begin with, companies should define the strategic direction of data compliance management. This should be in line with the overarching corporate objectives and the specific compliance requirements. The corporate culture should recognize the value of data protection and compliance. For example, a financial services company could develop a strategy that aims to ensure compliance with GDPR and local data protection laws while providing innovative financial products. In any case, it is important that the strategy pursues clear, measurable and, above all, realistically achievable goals.

Tools and technologies for data compliance management

Companies need suitable tools and technologies to manage data efficiently. For example, data governance platforms can help to maintain an overview of the data landscape. Data protection management systems support compliance with data protection regulations. It is essential that no shadow structures are created wherever possible. It can therefore make sense to fall back on existing structures, even if they may not offer all the desired functionalities. The additional cost of implementing and networking a new solution should be carefully weighed up in these cases.

Cross-functional collaboration

When introducing data compliance management, close cooperation between legal, technical and operational teams is recommended. For example, an interdisciplinary team of legal, IT and compliance experts could be formed to develop a coherent strategy to meet the requirements of the legal requirements. The complexities in the area of data compliance are sometimes so pronounced that a specialist department alone may have difficulties keeping track of everything. Teamwork is the key to success.

Employees should be trained and sensitized

Companies should regularly train their employees in order to promote compliance-friendly behavior within the company. However, data protection training should not be the only measure, but should be supplemented by sensible awareness-raising measures and supported by management through words and deeds.

Outsourcing of data compliance management via managed services

It can make sense to hand over key operational parts of data compliance management to specialized providers that use Legal Managed Services (LMS). When selecting and engaging such a service provider, it is important to establish clear handover interfaces, defined roles and responsibilities as well as binding service level agreements (SLAs). These elements ensure that both the company and the service provider clearly understand the expectations and obligations.

Measurement and continuous improvement

Once data compliance management has been established, companies should monitor performance. To this end, they should develop maturity levels and key figures and present them clearly in the form of dashboards. Key figures are suitable, for example, for monitoring compliance with retention periods or for handling data leaks. Companies should also develop strategies for dealing with data breaches and other compliance issues. A central element of such a strategy is a well-thought-out incident response plan.

Conclusion

The practical implementation of data compliance management is an iterative process that requires strategic alignment, operational excellence and continuous improvement. With a well thought-out approach, companies can achieve their compliance goals and ensure sustainable data protection.

 

Explore #more

03.04.2025 | KPMG Law Insights

First Omnibus Package to relax the obligations of the CSDDD, CSRD and EU taxonomy

The EU Commission has today published the draft of the first announced Omnibus Package. With the first directive as part of the omnibus initiative,…

24.03.2025 | KPMG Law Insights

Product piracy in online retail: these are the latest tricks

Product piracy is also flourishing with the growth in online trade. A major problem for brand owners, but also a challenge for online marketplaces and…

24.03.2025 | Deal Notifications

KPMG Law advises Munich Airport on the sale of aerogate München Gesellschaft für Luftverkehrsabfertigungen mbH

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) provided legal advice to Flughafen München GmbH (FMG) on the sale of its subsidiary aerogate München Gesellschaft für Luftverkehrsabfertigungen…

21.03.2025 | KPMG Law Insights

Special infrastructure assets: how the administration manages to implement projects quickly

The special infrastructure fund creates the opportunity to catch up on years of investment backlog. There is a need for urgency. Defence capability, economic growth…

20.03.2025 | KPMG Law Insights

AI Act: This applies to AI in universities and research

Artificial intelligence (AI) offers numerous opportunities for research, teaching and administration, but also raises complex legal issues. The European Union’s AI Regulation(AI Act)…

19.03.2025 | In the media

BUJ/KPMG Law Summit Transformation

The Bundesverband der Unternehmensjuristinnen und Unternehmensjuristen e.V. (BUJ) and KPMG Law cordially invite you to the BUJ Summit Transformation on May 28, 2025 in Frankfurt…

18.03.2025 | In the media

KPMG Law Statement in the German transport magazine DVZ: Planning at a crawl; DIHK sees great potential for faster traffic route construction

The Chamber of Commerce in Arnsberg regularly awards prizes to the worst state roads in the Hellweg-Sauerland region of Westphalia. A funny idea, if it…

13.03.2025 | KPMG Law Insights

ECJ tightens antitrust liability for information exchange

The ECJ (C-298/22) has recently set strict standards for the permissible exchange of information between companies. As a result, companies are now even more faced…

11.03.2025 | In the media

KPMG Law Interview with HAUFE: LkSG after the elections – everything new?

Many companies have made considerable efforts to implement the Supply Chain Due Diligence Act. The political discussion about its abolition is now causing uncertainty. KPMG…

07.03.2025 | In the media

Guest article in unternehmensjurist: Implementing the requirements of the BFSG correctly

The Barrier-Free Accessibility Reinforcement Act requires companies to offer certain products and services without barriers. The obligations vary depending on the role in business transactions.…

Contact

Dr. Jyn Schultze-Melling, LL.M.

Partner

Heidestraße 58
10557 Berlin

Tel.: +49 30 530199 410
jschultzemelling@kpmg-law.com

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

 KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.

Scroll