At Privacy International, we offer comprehensive expertise in privacy, data protection, and information governance services, addressing a diverse spectrum of requirements.

We specialize in the development and updates of privacy notices, standards, and controls, data governance frameworks, incident management protocols, cross-border data transfers, and training programs. Creation of website privacy and consent notices and the establishment of individual rights best practices.

Whether you need guidance in compliance or seek to enhance your overall data management strategy, our holistic suite of services is designed to assist your organization to navigate the complexities of the evolving privacy regulations.

our Services

Privacy Services

Our specialized Privacy Services are designed to assist your company in achieving and maintaining compliance, while fostering a robust and adaptive approach to privacy management.

Individual Rights

Establish robust procedures to effectively respond, monitor, track, and report compliance levels regarding Data Subject Rights (DSR) or Individual Rights (IR) practices.
Implement streamlined updates for managing individuals’ rights across all personal data/information, aligning with GDPR, CCPA, HIPAA, and other relevant requirements.
Effectively communicate the program's efficacy to executive leadership, ensuring transparency and highlighting the organization's commitment to upholding data rights

Evaluation of Personal Information & Data Collected

Review of the consent language, validate the purposes of use are consistent with the language;
Identify the types of data, sources, and storage locations;
Identification of data that may be exempt from regulatory obligations (i.e. HR data).

Analysis of Data Flows, Access, and Security

Creation of data flow maps: source systems (on-line, retail, product/service promotions), data transfers, storage and backup locations;
Validation of user access, role and functionality (view only, extract, modify, etc.); Identification of security measures in place (encryption, intrusion detection, audit logs, etc.).

Assessment of Administrative Procedures

Evaluation of the operations capabilities to handle choice, access, correction and erasure requests;
Define key measurements (handling time, percentage completed, number of escalations, etc.);
Determine frequency of reporting metrics and recipients’ to executive management;
Define and document data breach response procedures.

Data Protection Services

Strengthen your organization's safeguarding of personal information/data with our Data Protection Services. Our comprehensive services encompass assessment, analysis, documentation, measurement, metrics, and management of your information governance programs.

Classification and Processing of Data

Data classification, is it sensitive, confidential, public? Are proper security controls in place based on "sensitivity"?;
Identification of all entities (internal and external) that collect, use or transfer personal data;
Identify which category the entity falls within; controller or processor;
Update or execute cross border agreements as necessary.

Define and Execute Data Management Practices

Based on the data flow assessment, regulatory and legal obligations; define a retention schedule;
Document the systems, databases or physical storage that maintain the personal data;
Validate any technology and resources necessary to implement data destruction processes.

Data Breach Services

Articulate regulatory requirements for receiving, documenting, tracking, and investigating customer and employee privacy data breaches, complete required regulatory filings.
Create and assist in implementation of a best in class Incident Management Playbook to include; risk levels, reporting templates, workflows and progress tracking.

Additional Services

Enhance your regulatory compliance posture with our additional services that provide clear insights into operational practices, data usage, and compliance levels.

Measurements and Metrics

We can assist your organization in identifying metrics and processes to measure compliance based on regulatory requirements for customer and/or employee individual rights, compliant response times, frequency for reviewing privacy statements, third-party risk assessments, incident management playbooks, data breach management and many other areas.

Program Enhancement or Development

Define or update a multiyear strategy that encompasses regulatory requirements, external and internal risks, business objectives and data protection technology. acceptable risk and the potential level of regulatory action.

Training and Awareness

Assess your culture to provide content and approach that best suits your organizational training needs to include the approach, costs and resources necessary.

Mergers, Acquisitions or Divestitures

Assessment, define and advise on regulatory requirements, to transfer, sell or use consumer or employee personal information based on consent, registrations and international transfer instruments (Model Contracts, BCR’s etc.).