Privacy Program Assessment

As laws surrounding data privacy are created and evolve with the changing landscape of the global market, you need to know where your privacy program stands. Privacy Ref can provide you with the tools to assess your current situation and prepare you for what comes next. Through our Rapid Privacy Program Assessment™, Privacy Ref will find where your program is working and where it needs to adjust to comply with all relevant regulations.

Rapid Privacy Program Assessment™

Privacy Ref’s first step in improving privacy practices is to identify the current state of your program. Our Rapid Privacy Program Assessment™ takes a top-down approach to evaluate an organization’s privacy program and practices by comparing them to requirements from existing and forthcoming laws and regulations, industry-recognized privacy frameworks, and organizational priorities. From this review and subsequent analysis, we identify risks and areas for program improvements. The focus is on actual day-to-day activities of individuals and how they handle personal data. This permits us to focus on a rapid, minimally invasive interview and observation process that can take place over a single business week.

Once the Assessment is completed, you will receive an easy-to-understand report that breaks down the requirements in easily digestible tables. For each requirement reviewed, Privacy Ref identifies the source of the requirement, describes it in plain language, and provides a status for your organization measured against the established industry practices. No legal jargon. No equivocation. Just a straightforward statement about where you stand.

At the end of the process, you will receive an executive briefing that presents findings, expert recommendations, and proposed next steps.

All Rapid Privacy Program Assessments™ share a process that includes:

  • Review of client-supplied artifacts
  • Up to 4 days at the client site plus follow-ups completed remotely
  • Minutes for review and approval after each meeting
  • Preliminary assessment document for review and acceptance 
  • Final assessment document

Assessment Contents

– Executive summary
– Assessment Process
– Overview of Observations
– Comparison with the selected framework(s)
– Improvement Recommendations

Frameworks

– Generally Accepted Privacy Principles (GAPP)
– General Data Protection Regulation (GDPR)
– California Privacy (including CCPA)
– Canadian Privacy (PIPEDA & PIPA)
– Australian Privacy Principles (APP)
– Health Insurance Portability and Accountability Act (HIPAA)

Process Stages

Infographics showing the privacy program assessment process

1. Artifact Review

Analyze documents:
– Privacy Policy
– Codes of conduct
– Relevant procedures
– Charters

2. Kick-off Meeting

– Meet the team
– Understand privacy program
– Discuss joint objectives, processes, deliverables
– Answer questions

3. Privacy Ref Interview

– Conduct expert interviews
– Observe behavioral practices
– Identify areas that may increase risk

4. Compile

– Analyze observations to deliver a preliminary report

5. Discuss

– Address any concerns in the preliminary report

6. Final Version

– Published containing a prioritized list of actionable items found during the assessment





Standard Contractual Clauses Review

With the rulings that ended EU-US Privacy Shield, organizations need a new mechanism for transferring information from Europe. One method is the use of Standard Contractual Clauses. These clauses will alter how your business operates and interacts with third parties and customers. Additionally, the European Data Protection Commission has stated that “supplementary measures” will be required as well, but has yet to provide more details.

Privacy Ref provides an understanding of how to implement Standard Contractual Clauses as well as how they will affect your partnerships and future opportunities. We provide a service to review your current SCC agreements to ensure you can meet your commitments, including recommending potential “supplementary measures”.

Easy-to-Understand Findings

Receiving a report is only the start of a process. You must then convey the results to your organization, something that can be a challenge if the findings are not delivered in a manner that is easy to consume.

Privacy Ref has broken down legal and other framework requirements into easy-to-understand tables. For each requirement, Privacy Ref’s tables identify the source of the requirement, a plain language description of the requirement, and the status of your organization relative to the requirement.

Want to find out more?

Go to our Contact Us page or email and someone from Privacy Ref will be in touch with you or call (888) 470-1528.
