GDPR Consulting Services – General Data Protection Regulation
We have a 100% success rate bringing organizations to GDPR compliance.
You may be concerned about compliance with the General Data Protection Regulation (GDPR), and the implications that achieving or not achieving compliance would have for your business. With Pivot Point Security as your GDPR consulting firm partner, navigating through the GDPR and reaching compliance is a guaranteed reality. Clients that work with us rest easy knowing where they currently stand, where they need to be and what resources they need; in short, they have a “roadmap” to achieve compliance.
Does GDPR Apply to Me?
Does your firm hold or process any personally identifiable information of EU citizens? This can be almost anything: name, email address, bank account or credit card number, postal address, employer, etc.
If you answer “yes” to that question, you are within the jurisdiction of the General Data Protection Regulation regardless of the size, purpose, or location of your business.
We look at organizations in three tiers when assessing privacy efforts to comply with GDPR:
- Tier 1 is a US company with no EU offices or EU employees and a limited number of EU clients/records
- Tier 2 is a US company with EU offices and/or EU employees and a moderate number of EU clients/records
- Tier 3 is an EU company with US offices and a significant number of EU clients/records
Our Proven Process for GDPR Compliance
The path to compliance with GDPR can look very different based on your organizational structure and needs. Don’t be left in the dark without clear direction to reach compliance.
The PPS Proven Process for GDPR Compliance ensures our experts understand and recommend the right solutions to achieve GDPR compliance within your timeframe and budget objectives:
The seven phases of GDPR implementation, operation, and validation:
- Data Mapping
- Data Privacy Impact Assessment
- GDPR Gap Assessment
- GDPR Gap Remediation
- GDPR Operation, Metrics, & Governance (Virtual Data Privacy Officer)
- GDPR/Privacy Audit (typically Annual)
- Privacy Shield Submission Assistance
We have a 100% success rate bringing organizations to GDPR compliance. See below for more information on each stage of the journey.
Talk with a GDPR Consultant
The stakes are high
The regulation calls out penalties that can reach “the greater of €20 million or 4% of global annual turnover.” While there has currently been no precedent set for GDPR non-compliance, we know penalties are on the way.
A strong initial effort towards GDPR compliance will pay large dividends for years to come. Compliance is essential for doing business with EU citizens, as well as to address emerging US privacy regulations like the California Consumer Protection Act of 2018.
Our GDPR Consulting Service Phases:
1) Data Mapping
- Identifies the business context of Data Privacy protection / Information Security relevant to your stakeholders.
- An extensive data mapping exercise to determine the types of data you collect, the jurisdiction in which the data is stored and any cross-border transfers performed, the purpose(s) for which the data is collected, and whether you are a data controller or data processor with regard to the data.
- Provides you with formal documentation and attestation as to the existence of your Data Privacy program.
- The documentation and assurance provided by the scope determination deliverable(s) can be used to generate (or maintain) business value by illustrating the scope of Data Privacy protection to new (or existing) stakeholders (e.g. customers or business partners) and establishing boundaries for other activities such as risk management, Gap Assessment, or implementing Information Security management systems for certification under standards such as ISO 27001 or SOC 2.
2) Data Privacy Impact Assessment (DPIA)
- Defines the DPIA Risk Assessment Methodology, identifies risks of note based on the Data Mapping, and assesses each risk in accordance with the methodology.
- Determines the appropriate level of security that should be applied to information assets; identifies, analyzes, and evaluates the risks that security requirements will not be met; and develops plans for how the risks will be managed to an acceptable level.
3) Gap Assessment
- Compares the actual design and performance of the controls you have in place with the expected design/performance.
- The standard data protection regulations are used to perform the Gap Assessment; additional controls and guidance may be required depending on organizational needs and functions.
- Gap Remediation Plan: provides you with a foundation for setting priorities, assigning ownership, allocating investments of time, money, and human resources, and measuring and improving compliance with standards and laws.
4) Gap Remediation
- Provides guidance and support in addressing the issues identified in your Gap Remediation Plan (e.g., Policy/Standards/Procedure Development, Training, etc.)
5) GDPR Operation, Metrics, & Governance (Virtual Data Privacy Officer)
- Provides Data Protection Officer services in accordance with the requirements outlined under Section 4 of the EU GDPR 2016. May include:
  - Policy/Procedure Revisions
  - Data Privacy Training
  - Materials Submission (e.g., EU/US Privacy Shield)
  - Liaison to key Stakeholders on Privacy (e.g., regulators, clients, CISO, Board)
  - Audit program development, oversight, and Plans of Actions & Milestones (POAM) resolution
6) Annual GDPR Audit
- Conducts the annual audit of your Data Privacy program to ensure controls remain adequate for the required protections and to maintain compliance/certification with the various Data Privacy governing bodies. Develops any POAM required to address nonconformities identified.
When you are ready, here’s how we can help…
Talk with an Expert
Often a 15-minute conversation will yield more useful results than hours of online research. We are happy to listen and point you in the right direction—even if that means not working with us.