KPMG Law and IT advised Ekspress Grupp, Omniva, Tallink, Tartu City and others on GDPR compliance


During the past year, we have been advising a large number of local and international big corporations and local governments in complying with the new General Data Protection Regulation (GDPR). The successful implementation of the Regulation in an organization requires legal, IT and management competency and a risk-based approach. To this end, we have formed a joint working group of IT and legal experts to provide our clients with a full service towards GDPR compliance. In almost every project we have first (i) carried out a GDPR compliance assessment of the client’s business areas, processes, critical information systems and databases which are employed to process personal data within the specific organisation; (ii) executed a gap analysis in the agreed business areas, processes, systems,databases and on the data protection governance and to identify and classify the risks related to the gaps; and (iii) outlined remediation requirements of the gaps. We use thoroughly and internationally developed frameworks, models and methods for conducting GDPR compliance assessments that enable us to bring highest added value to the compliance assessment projects, utilizing global know-how, experience and market-leading standards. On this basis, in addition to preparing GDPR compliant internal regulations, guidelines, forms and agreements related to personal data processing, we have supported the clients in transforming the client’s in-house activities, business processes and information systems in order to comply with GDPR.

We've recently advised the following clients on GDPR: