Privacy Officer

A privacy officer is a key figure within an organization, responsible for overseeing and managing the company’s data protection and privacy strategies. Our core services include developing and implementing effective privacy policies and procedures designed for our clients’ particular business and regulatory needs like the General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (” CCPA”), or the Health Insurance Portability and Accountability Act (“HIPAA”). On behalf of our clients, we liaise with internal stakeholders, regulatory authorities, and data subjects to assist with all privacy-related inquiries and requests. We provide employees with data protection and privacy training and promote a privacy compliance culture. We also manage data protection-related incidents.

Assess First, we take the time to understand our clients and their needs. We start with identifying:

• All relevant stakeholders (privacy, security, legal, marketing, sales, etc.),

• How personal information is collected (websites, applications, etc.),

• Where personal information is collected (the U.S., EEA, China, etc.),

• What categories and types of personal information are collected (for example, sensitive personal information),

• The business reason for collecting the personal information and the legal basis allowing such collection,

• The data systems housing personal information (structured and unstructured databases, data lakes, etc.),

• Personal information data flows and transfers (within the US, from the EEA to third countries, etc.), and

• What safeguards are in place to protect personal information from loss, unauthorized access, or alteration (technical and operational measures and legal – data protection agreements, EU Standard Contractual Clauses, etc.).
  

Advise Using the intelligence gathered during our assessment process, we offer advice and guidance on the following:

• The relevant data security and privacy laws governing the business,

• Accounting of the business’s existing data protection and privacy technologies, practices, and procedures,

• A written gap-analysis report setting forth:

• Identified risk (technical, legal, and reputational),

• Risk Occurrence Scale – the likelihood of a risk occurring (for example, a customer complaint, data protection authority inquiry, etc.),

• Potential penalties (based on historical regulatory fines, legal actions, etc.) and

• A written remediation plan setting forth: (1) Specific remediation tasks (for example, publishing a privacy notice on the business website), and (2) A prioritizing timeline based on our client’s risk appetite and available resources.

Implement Our Privacy Officers can implement our prescribed remediation plan or assist our client’s internal teams in doing so by:

• Creating or updating existing internal privacy policies and external privacy notices,

• Installing and managing our Cookie Consent Management platform to ensure full compliance with cookie consent notice and preference requirements),

• Installing and managing our Data Subject Access Request (“DSAR”) portal for compliant data-subject validation, personal information retrieval and packaging, and secure delivery,

• Performing system-wide data discovery, mapping, and categorization,

• Developing an accurate, legally compliant, and real-time Article 30 report,

• Building an effective incident response and reporting program, and

• Dealing with customer and regulatory inquiries and complaints.

Yes. Our seasoned Privacy Officers interact and liaise with all necessary business units, including security, corporate, legal, procurement, contracting, etc., to ensure effective and efficient privacy operations.

Yes. Most of our clients provide our Privacy Officers with an internal business email add title. Our Privacy Offers are capable of interacting with internal stakeholders, customers, and regulators as a direct client representive.

It depends on what you need. We have short term engagements all the way to year or more long service; it all depends on what you need.

We have Privacy Officers who have worked in almost every industry and with all US laws and the General Data Protection Regulation. In addition, our Privacy Officers have specialized training from our privacy technology partners. We match our talent with your particular industry, regulatory, and technology needs.