Privacy Officer

Our Privacy Officers have experience in multiple industries, including hospitality, healthcare, pharmaceuticals, and technology. Our core services include developing and implementing effective privacy policies and procedures designed for our clients’ particular business and regulatory needs, such as those arising under the General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”), or the Health Insurance Portability and Accountability Act (“HIPAA”). On behalf of our clients, we liaise with internal stakeholders, regulatory authorities, and data subjects to assist with all privacy-related inquiries and requests. We provide data protection and privacy training to employees and promote a culture of privacy compliance. We also manage data protection-related incidents.

Assess

First, we take the time to understand our clients and their needs. We start with identifying:

  • All relevant stakeholders (privacy, security, legal, marketing, sales, etc.),
  • How personal information is collected (websites, applications, etc.),
  • Where personal information is collected (the U.S., EEA, China, etc.),
  • What categories and types of personal information are collected (for example, sensitive personal information),
  • The business reason for collecting the personal information and the legal basis allowing such collection,
  • The data systems housing personal information (structured and unstructured databases, data lakes, etc.),
  • Personal information data flows and transfers (within the US, from the EEA to third countries, etc.), and
  • What safeguards are in place to protect personal information from loss, unauthorized access, or alteration (technical and operational measures, and legal measures such as data protection agreements, EU Standard Contractual Clauses, etc.).

Advise

Using the intelligence gathered during our assessment process, we offer advice and guidance on the following:

  • The relevant data security and privacy laws governing the business,
  • Accounting of the business’s existing data protection and privacy technologies, practices, and procedures,
  • A written gap-analysis report setting forth:
      • Identified risk (technical, legal, and reputational),
      • Risk Occurrence Scale – the likelihood of a risk occurring (for example, a customer complaint, data protection authority inquiry, etc.),
      • Potential penalties (based on historical regulatory fines, legal actions, etc.), and
  • A written remediation plan setting forth:
      • Specific remediation task (for example, publishing a privacy notice on the business website), and
      • A prioritizing timeline based on our client’s risk appetite and available resources.

Implement

Our Privacy Officers can implement our prescribed remediation plan or assist our client’s internal teams in doing so by:

  • Creating or updating existing internal privacy policies and external privacy notices,
  • Installing and managing our Cookie Consent Management platform to ensure full compliance with cookie consent notice and preference requirements,
  • Installing and managing our Data Subject Access Request (“DSAR”) portal for compliant data-subject validation, personal information retrieval and packaging, and secure delivery,
  • Performing system-wide data discovery, mapping, and categorization,
  • Developing an accurate, legally compliant, and real-time Article 30 report,
  • Building an effective incident response and reporting program, and
  • Dealing with customer and regulatory inquiries and complaints.

Discover the benefits of a Privacy Officer.

By following our proven methodology, our clients have the assurance of an effective data protection and privacy program that will satisfy their customers and privacy regulators.

 

Don’t wait to get started.

Reach out to our team to learn more.

 

Contact Us