Privacy services

Rapid technological developments and globalisation have brought new challenges for the protection of personal data. The scale of data collection and sharing has increased spectacularly. Technology allows competent authorities to make use of personal data on an unprecedented scale in order to pursue their activities.

Technology allows businesses and government in carrying out their activities more than ever before to make and have access to personal data. People make their personal data more frequently known worldwide. Technology has both the economy and social life changed dramatically (such as 'online applications').

This is the reason that a stronger and more coherent framework for data protection is established in the EU, including strong enforcement, so that the digital economy can develop across the internal market, citizens decide what happens to their data and that there is more practical and legal certainty to businesses and governments.

Currently, fines are determined nationally but there is European legislation being proposed with fines of € 100 million or 5% of global turnover. Compliance with privacy laws and regulations must therefore necessarily be high on senior management’s priority list.


A few examples and bottleneck in the context of implementation of the business strategy:

  • ING would like to offer their customers personalized ads of other companies based on their transaction history.
  • Google Inc., fighting claims that it illegally scanned private e-mail messages, argues it shouldn't have to face a single lawsuit that lumps together hundreds of millions of Internet users. The company contends that a nationwide grouping of people who sent or received messages through its Gmail service over five years would "amalgamate an unprecedented collection of individuals," according to a filing in federal court in San Jose.
  • Equens withdraws after negative publicity and concerns in the media, their project to sell payment data of citizens. From a mailing it shows that go-to-masrket has started.


What we offer

Failure to comply with privacy legislation can therefore result in negative headlines for companies. This may have an impact on a company’s reputation in the market and competitive position especially if complying with regulations is a competitive advantage.

In practice, it happens that data protection is not sufficiently taken into account at the planning and design of new products and optimization of the marketing strategy. As a consequence after the go-live took place and go-to-market activities had started, it had to be decided to cancel the project. Substantial and perhaps unnecessary costs are made. Best practice is therefore to consider the conditions of "Privacy laws and regulations" as a critical component for success during the feasibility study.

KEY Group supports organizations already in the early stages of a project when determining the scope and key elements of this legislation and shows how this should be handled so that business objectives will actually be achieved in practice, but also the compliance with laws and regulations is adhered to. Not only the current legislation is considered, but the implementation of the new EU regulation is anticipated.

KEY Group can also take care of the actual implementation, but can also design and implement a normative framework for (future) internal control around privacy within the organization.

For questions please contact us.

Take aways 

  • Set up a project charter that will take effect preferable during feasibility but ultimately during design
  • Write a business case and problem statement
  • Define scope of the project
  • Define objectives and goals of the project
  • Involve stakeholders and define priorities
  • Set measurable milestones
  • Ensure that the right sponsors provide buy-in.
  • Identify (project) risks and how to manage them
  • Jointly validate and refine the project plan and develop a roadmap to success
  • Hold regular meeting to track progress of the various work streams

We combine technical knowledge with industry understanding and knowhow of technologically advanced tools and methodologies available in the market or developed by ourselves.

  • Focus on business processes that could be improved
  • Perform As-Is assessment
  • Anticipate future changes
  • Define scope and actions for short, mid and long term
  • Write business case for change
  • Realize sponsorship for implementation


Technology-related risk: understand and address the potential harms and benefits of (new) technology.

Privacy is high on the priority list of organizations nowadays, not only because of the more stringent laws and regulations, but also because of the significant impact financially and on a company’s reputation in the market and competitive position especially if complying with regulations is a competitive advantage.

We understand the language of the business as well as IT.