Data Protection


The frequency and magnitude of data breaches are increasing. Boards of directors and executive management, in addition to IT departments, are more focused on better management and protection of IT systems and data than ever before. Increasingly, data security is becoming a major issue for IT departments.

However, a “check the box” approach to compliance will not protect a company’s reputation. Proactive measures and policies do. An approach that focuses on three core concepts -  identifying and securing a company’s most valuable assets, continuous monitoring, and a structured, fast response to a breach - provide the clarity to move forward confidently.

Leveraging industry best practices, Protiviti provides expert-level data security and data privacy consulting solutions to FORTUNE 1000® and FORTUNE Global 500® companies in more than 20 countries. Protiviti’s risk-based approach is comprehensive and focuses on creating a secure environment first. Our privacy management professionals will work with you to face the future with confidence.


The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) was created to provide individuals with greater control over how organizations collect, store, transfer and use their personal data. It impacts both companies that conduct business in the European Union and businesses that maintain and process European Union personal data.


How Protiviti Can Help

Protiviti assists organizations in achieving clarity and compliance around privacy risk governance programs, including the GDPR and the California Consumer Privacy Act, and other similar regulations. We help companies understand the impacts of regulatory requirements, assess and remediate processes and technologies, and implement changes to achieve and maintain compliance. Our approach to compliance includes: 

  • Identify high-risk areas to ensure a focused approach
  • Determine exposure and prioritize compliance activities
  • Implement changes to achieve compliance 
  • Provide evidence of accountability and compliance 


Our Data Security solutions include:

Data Governance

Protiviti security and privacy professionals can work with you to ensure you have a complete inventory of the data you have collected in your enterprise and where it is stored. In addition to helping you rationalize the various data you have about clients, partners, and employees, we can help you improve your compliance posture.

Data Classification

Many organizations are becoming aware they need to more efficient in the way they manage data and respond to regulatory imperatives. Protiviti data classification professionals help to refine your data classification policies and procedures to more efficiently comply with regulations, and to derive more value from your data.

Data Leakage

Protiviti can assist you in determining where all your critical data resides and what data is leaking. We work with you to design a data leakage prevention strategy, select and tune the most appropriate technologies, implement your overall data leakage prevention program, and evaluate results.

Encryption & Storage Strategy

Our professionals can help you prioritize the data to address as well as the systems and endpoints that will ultimately store them. We can assist you in building a strategy, identifying appropriate data to focus on, and guiding you on how to manage this complex environment and helping you implement effective solutions.

Privacy Management & Implementation

We can assist you in refining or creating privacy policies, establishing operational procedures and controls and building programs. Where legal opinion is required, Protiviti has outstanding legal partners we will engage to provide you a technical, regulatory, and legal perspective.

PCI Planning, Readiness & Compliance

Our team works to help you plan and prepare for certification as well as remediate issues found in early assessments. We help you understand what private data is collected and where it is stored, train employees about company policy for handling private data, integrate a crisis–management process, and implement a privacy risk management process.

HITRUST Planning and Readiness Services

Protiviti provides trained practitioners who use their extensive data security and privacy experience to help you prepare for HITRUST certification, remediate issues, and manage your risks related to handling protected health information (PHI).

Vendor Management/Due Diligence

Protiviti's professionals have extensive experience supporting clients globally with their vendor programs. We can leverage your internally developed programs and ensure uniform global delivery – providing consistency of data and allowing valid year-to-year or partner-to-partner comparisons.