Data Privacy Consulting
Data Privacy Consulting
Microsite Hero Description
Proactively Navigating the Data Privacy Regulation Landscape
Data Privacy Consulting
Body
“Protiviti did a great job helping us address the privacy challenge with a very strong risk-based approach. Their very pragmatic, blended team provided us several valuable solutions and very effective change management communications to address all the organisational and technology impacts required by new privacy regulations.”
– Compliance Officer, top listed global manufacturing company
What’s Trending Now
Protiviti is helping CISOs, CIOs and CDOs navigate the rapidly-evolving tech landscape during the COVID-19 pandemic with our Data Privacy Services. We recommend these resources:
Stay Connected with Us
Solve your Key Challenges with our Data Privacy Consulting Solutions
Our global clients are experiencing unprecedented change in the data privacy landscape. Changing state, federal and global regulations are forcing almost constant business, technical and legal operational changes. These changes are not necessarily exclusive of one another and often overlap, resulting in highly complex legal and regulatory scenarios.
Protiviti’s Data Privacy consulting team understands the inherent risks and challenges our clients face in developing and maintaining effective privacy and data protection programmes. Drawing on our skills and experience in regulatory compliance, business processes, technology, information security and communications, we partner with our clients to:
- Understand jurisdictions and obligations
- Assess needs
- Implement appropriate compliance measures and safeguards
- Respond to new and changing regulations.
To learn more about the client problems we solve, the business outcomes and client success stories, download our brochure.
Assess and Manage Uncertain Global Data Privacy Regulations
With the meteoric rise of data proliferation worldwide has come new privacy laws such as the General Data Protection Regulation (GDPR) in the European Union (EU) and various derivative laws either on the books or on the way at regional, national and state levels in the U.S., including the California Consumer Privacy Act (CCPA). These drivers of change are pressure-testing data privacy compliance programmes and creating a complex legal matrix for companies to navigate.
How Protiviti Can Help
- Global Privacy Compliance Programme: Protiviti provides a comprehensive and holistic approach to privacy compliance that is flexible enough to meet any existing or future situation.
- Cross-Border Transfers: Protiviti parent company and partner Robert Half provides localised hosting and forensic technologies to address dynamic regulatory and legal issues in cross-border privacy matters.
- Ongoing Compliance Monitoring: Protiviti helps clients identify high-risk activities and exposure through ongoing monitoring of compliance data, privacy protection and changes to legal obligations.
- Data Subject Requests: We manage high-volume data subject requests to identify, collect, analyse, review and produce personal information to individual consumers.
- Records of Processing Activities (RoPA): Protiviti helps clients establish a formal inventory of data processing operations and supporting systems where personal data is collected, processed and stored (Article 30 of the GDPR).
- Privacy and Data Protection Roadmap: Identifying gaps and developing a formal Privacy and Data Protection strategy and roadmap to help our clients meet privacy obligations.
- Data Mapping: Developing data flow diagrams to visually represent key data collection and data transmission points, including cross-border data transfers.
- Privacy Obligations: Establishing a formal baseline and scope of privacy obligations based on applicable privacy regulations, including GDPR, CCPA, HIPAA, PIPEDA, etc.
- Third-Party Contract Review: Evaluating and redlining contractual agreements with third-party processors.
Ethical Compliance with Regulatory Requirements
From a data privacy perspective, boards are wrestling with understanding not only what is legal but also what is ethical and aligns with the company’s brand. Compliance with current privacy laws is one standard. Understanding how to incorporate data privacy into the organisation’s corporate strategy and business model, and how management defines the appropriate use of consumer data, is a different and higher standard.
How Protiviti Can Help
- Privacy and Data Protection Roadmap: Identifying gaps and developing a formal Privacy and Data Protection strategy and roadmap to help clients meet privacy obligations.
- Data Mapping: Developing data flow diagrams to visually represent key data collection and data transmission points, including cross-border data transfers.
- Privacy Obligations: Establishing a formal baseline and scope of privacy obligations based on applicable privacy regulations, including GDPR, CCPA, HIPAA, PIPEDA, etc.
- Compliance Validation: Validating remediation and implementation efforts and alignment with applicable privacy requirements.
- Privacy Audits: Conducting an internal audit assessment to validate and report on the effectiveness of privacy and data protection controls against applicable regulatory requirements.
- Third-Party Validation: Validating that PII shared with third parties meets regulatory and contractual requirements.
Address Resource and Skill Shortages
The unprecedented demand for well-trained privacy experts continues to grow. Organisations are facing a shortage of privacy skills due to rapidly changing advancements in both the regulatory and technology landscape.
How Protiviti Can Help
We provide deep subject matter expertise with a flexible delivery model to solve client problems. Our Protiviti PraaSTM - Privacy as a Service – solution brings together the strengths of Robert Half and Protiviti, and delivers a customised privacy service which uses market-led analytics, optimising your overall investment to manage privacy governance and compliance. Our offerings include:
- Recurring data inventory, data privacy flow mapping, classification and assessments.
- Data subject rights request management.
- Privacy platform management.
- Annual data privacy impact assessments and data protection impact assessments (Privacy by Design).
- Monitoring privacy legislation and programme management.
Operationalise Privacy Needs
The single most important thing about privacy compliance is disciplined execution. Organisations should realise that having the the best policies and staff in place is worth nothing without proper operationalisation of policies and the development of a culture of commitment to data protection.
How Protiviti Can Help
Our Protiviti PraaSTM - Privacy as a Service - suite of solutions provides tailored, full service support for your privacy priorities, including:
- Protiviti and Robert Half provide privacy compliance experts to engineer and implement changes to meet privacy needs, including compliance programme structure and governance.
- Performing current-state analysis against the requirements to identify gaps and develop a roadmap to achieve compliance.
- Helping clients assess and address any data privacy risks associated with planned RPA application.
- Designing and implementing privacy and data protection solutions, including people, process, and technologies to address current state gaps.
- Developing an ongoing privacy and data protection compliance programme structure and governance.
Implementation of Privacy Tools
One of the biggest challenges with data privacy tools comes in the implementation phase. Poor or ill-informed decisions at the beginning can result in the entire implementation proving ineffective and perpetually problematic.
How Protiviti Can Help
- Automating of privacy activities including privacy assessments and processing of data subject requests.
- Implementing RPA to automate/ reduce the effort of privacy compliance.
- Partnering with OneTrust to deploy privacy programme management.
- Designing and implementing privacy and data protection solutions, including the following key areas: Privacy programme and governance structure, consent and cookie management, privacy notifications and privacy shield, privacy impact assessments, data subject rights, third-party risk management, privacy by design and default, and data security and breach notification.
Ready to get started?
Protiviti’s Data Privacy Team will help you understand your data privacy priorities to subsequently understand jurisdictions and obligations, assess your needs, implement appropriate measures and safeguards and respond to new and changing regulations.
Schedule Privacy Planning Discussion
Key Partners
Recent Blogs:
Insights
Microsoft Discovers Multiple Zero-Day Exploits Being Used to Attack Exchange Servers
Virginia Becomes the Second State to Enact Consumer Privacy Law
European Court of Justice Invalidates the EU-US Privacy Shield Framework
Podcast: 2019 Vendor Risk Management
Protiviti assists organisations in achieving clarity and compliance around privacy risk governance programmes, including GDPR. We help companies understand the impacts of regulatory requirements, assess and remediate processes and technologies and implement changes to achieve and maintain compliance. Our approach to GDPR compliance includes:
Discovery: Identify high-risk areas to ensure a focused approach
- Identify and inventory EU personal data including classification level, data controller, processor and exchanges
- Formal inventory of processing activities
Manage: Determine exposure and prioritise compliance activities
- Assess data collection, processing and storage, and protection measures
- Assignment of a Data Protection Officer transfers to third parties, risk assessment practise and security policies
Protect: Implement changes to achieve compliance
- Obtain executive management support and funding
- Establish compliance programme structure and governance
- Identify compliance strategies
- Implement remediation plans
Report: Provide evidence of accountability and compliance
- Maintain required documentation
- Testing and validation
- Implementation of monitoring tools and processes
- Manage data requests and breach notification
