GDPR Consulting Services – General Data Protection Regulation

We have a 100% success rate bringing organizations to GDPR compliance.


You may be concerned about compliance with the General Data Protection Regulation (GDPR), and the implications that achieving or not achieving compliance would have for your business. With Pivot Point Security as your GDPR consulting firm partner, navigating through the GDPR and reaching compliance is a guaranteed reality. Clients that work with us rest easy knowing where they currently stand, where they need to be and what resources they need; in short, they have a “roadmap” to achieve compliance.

Does GDPR Apply to Me?

Does your firm hold or process any personally identifiable information of EU citizens? This can be almost anything: name, email address, bank account or credit card numbers, postal address, employer, etc.

If you answer “yes” to that question, you are within the jurisdiction of the General Data Protection Regulation regardless of the size, purpose, or location of your business.

We look at organizations in three tiers when assessing privacy efforts to comply with GDPR:

  • Tier 1 is a US company with no EU offices or EU employees and a limited number of EU clients/records
  • Tier 2 is a US company with EU offices and/or EU employees and a moderate number of EU clients/records
  • Tier 3 is an EU company with US offices and a significant number of EU clients/records

Our Proven Process for GDPR Compliance

The path to compliance with GDPR can look very different based on your organizational structure and needs. Don’t be left in the dark without clear direction to reach compliance.

The PPS Proven Process for GDPR Compliance ensures our experts understand and recommend the right solutions to achieve GDPR compliance within your timeframe and budget objectives:

The seven phases of GDPR implementation, operation, and validation:

  1. Data Mapping
  2. Data Privacy Impact Assessment
  3. GDPR Gap Assessment
  4. GDPR Gap Remediation
  5. GDPR Operation, Metrics, & Governance (Virtual Data Privacy Officer)
  6. GDPR/Privacy Audit (typically Annual)
  7. Privacy Shield Submission Assistance

We have a 100% success rate bringing organizations to GDPR compliance. See below for more information on each stage of the journey.

Helping Orgs Strategize InfoSec Initiatives is What We Do

For over 20 years we have led hundreds of firms to reach their security goals, with the first step often being: which security framework(s) would be most beneficial to our business? But enough about us… let’s ask a more important question.

The stakes are high

The regulation calls out penalties that can reach “the greater of €20 million or 4% of global annual turnover.” While there has currently been no precedent set for GDPR non-compliance, we know penalties are on the way.

A strong initial effort towards GDPR compliance will pay large dividends for years to come. Compliance is essential for doing business with EU citizens, as well as to address emerging US privacy regulations like the California Consumer Protection Act of 2018.

Our GDPR Consulting Service Phases

Data Mapping
  • Identifies the business context of Data Privacy protection / Information Security relevant to your stakeholders.
  • An extensive data mapping exercise to determine the type of data you collect, the jurisdiction in which the data is stored and any cross-border transfers performed, the purpose(s) for which the data is collected, and whether you are a data controller or a data processor with regard to that data.
  • Provides you with formal documentation and attestation as to the existence of your Data Privacy program.
  • The documentation and assurance provided by the scope determination deliverable(s) can be used to generate (or maintain) business value by illustrating the scope of Data Privacy protection to new (or existing) stakeholders (e.g. customers or business partners) and establishing boundaries for other activities such as risk management, Gap Assessment, or implementing Information Security management systems for certification under standards such as ISO 27001 or SOC 2.
Data Privacy Impact Assessment (DPIA)
Gap Assessment
Gap Remediation
GDPR Operation, Metrics, & Governance (Virtual Data Privacy Officer)
Annual GDPR Audit
