Data Security: 2-Week Assessment


Transform and maintain the protection of your data while addressing the regulatory requirements to achieve sustainable data governance and compliance.

Organizations are expected to keep personal and corporate data confidential, yet data breaches still occur. This can result in financial loss, regulatory sanctions, and reputational damage. Common challenges organizations are facing include: the identification of business-critical information, the localization of the critical information assets and ensuring they are adequately protected in a data-driven world.

KPMG offers comprehensive and tested data protection and privacy services, supporting organizations in identifying and adequately protecting their critical assets, enabling them to use, analyze and share structured and unstructured data while ensuring sustainable governance and compliance with emerging regulatory controls (e.g. UAE data protection law).

KPMG leverages its proven Data Security methodology along with the Microsoft Purview Information Protection and Compliance platform to ensure organizations are realizing the full potential when embarking on their Data Security journey. By combining Microsoft’s capabilities with KPMG’s expertise, the approach is able to view the Data Security capabilities, through three dimensions: people, process and technology.

The 3-phased approach to Data Security is a business-driven, risk-based assessment based on the organization’s threat and regulatory landscape.

  1. The discovery phase focuses on the identification of the business-critical information assets using the Microsoft Purview Compliance portal.
  2. Once the business-critical information data assets are identified, the assessment phase is initiated to measure the maturity and the effectiveness of the Data Security controls in place. In order to obtain a complete understanding of the organization’s Data Security posture and regulatory readiness, the assessment is twofold: looking at the Data Security posture from a Data Protection and Data Privacy point of view.
  3. Derived from the initiatives and the recommendations during the assessment in the previous phase, the reporting phase will have as outcome a comprehensive UAE Data Law Maturity Assessment Report and a Discovery / Classification Report.

With a focus on bringing broader compliance, financial and reputational advancements, the assessment offers additional key benefits for organizations:

• An accelerated data security assessment in 2-3 weeks to build a solid Data Security foundation.

• Increased visibility on the critical information assets to prioritize the security controls in place protecting the key business activities.

• Improved data governance and information lifecycle management ensuring secure data collection, exchange, transfer, archival, and destruction.

• Compliance with emerging data privacy regulations (UAE Data Protection Law) and reduced risk of data breaches or penalties imposed for violating privacy rights.

• Enhanced trust and credibility accommodating consumers’ transparency requirements and user experience.

• Improved security awareness across the organization and a better understanding of insider threats when it comes to protecting sensitive information and preventing misuse of business information.