Privacy Program Assessments

Our Rapid Privacy Program Assessment™ takes a top-down approach to evaluate an organization’s privacy program and practices by comparing them to requirements from existing and forthcoming laws and regulations, industry-recognized privacy frameworks, and organizational priorities. From this review and subsequent analysis, we identify risks and areas for program improvements. We focus on actual day-to-day activities of individuals and how they handle personal data. This permits us to conduct a rapid, minimally invasive interview and observation process that can take place over a single business week.

Assessment Process includes:

  • Review of client-supplied artifacts
  • Minutes for review and approval after each meeting
  • Preliminary assessment document for review and acceptance
  • Final assessment document

Examples of Privacy Ref’s Requirements Frameworks™ that may be applied during an assessment include:

US Laws

International Laws

After defining the scope, we schedule a kickoff meeting with your organization’s project sponsors to review the scope, schedule, logistics, and deliverables of the process.  During this meeting we also discuss program areas of concern where you want us to focus.

KickOff meeting

Artifact Review

The assessment process continues with Privacy Ref reviewing documents and other artifacts related to your privacy program. This includes items such as privacy policies, privacy notices, codes of conduct, relevant procedures, security practices, and charters of privacy-related organizations. Our goal is to understand your business, policies, and procedures before we begin our discussions with your team, saving time for everyone involved.

Interview/Discussions: Privacy Ref will interview key individuals and stakeholders that you identify from various areas of your company, asking them about their daily routines and how they handle personal information. We are also interested in meeting with organizational leaders to learn their perspectives on privacy. Our goal for these interviews is to determine the understanding of privacy and practices in place within the organization. We identify privacy benefits and potential risks posed by the activities and perspectives shared by these individuals.

We primarily conduct privacy assessment interviews remotely, however, face-to-face or multi-location options are available.

Preliminary Assessment Report Delivery

Based on all the information gathered, your Privacy Ref consultants draft a preliminary report.

The Preliminary Privacy Assessment Report includes:

  • A discussion of Privacy Ref’s methodology and our findings for the assessment
  • Documentation of our understanding of your current privacy and operational environment
  • A high-level review of your compliance with applicable privacy laws and regulations (General Privacy Assessment only)
  • An overview of your privacy program’s performance compared against the selected framework
  • Information on how your privacy program supports your business objectives using a Strengths, Weaknesses, Opportunities and Threats (SWOT) analysis
  • A detailed table specifying your privacy program’s performance measured against the individual requirements of the select framework(s)

Table Of Contents

We provide a preliminary version of the report for you to review our observations. You can then express any concerns or questions for us to address prior to publishing the Final Assessment Report.

Final Assessment Report

The Final Assessment Report enhances the Preliminary Assessment Report by adding recommendations for improvements to your privacy program.

These recommendations are provided in-line with our observations and then summarized in a separate sections of the report.

In the summary Privacy Ref prioritizes the recommendations. As part of establishing the priorities we identify the perceived risk to the organization if the recommendation is not applied, as well as the effort anticipated to implement the recommendation.

We present the information on how your privacy program supports your business objectives using a Strengths, Weaknesses, Opportunities and Threats (SWOT) analysis.

SWOT analysis

Easy to Understand Findings

Receiving the report is just the start of your privacy improvement program. You will need to convey the results within your organization, something that can be its own challenge if the findings are not in an easily understandable format.

Privacy Ref has broken down the Privacy Ref Requirement Framework™ requirements into easy-to-understand tables. For each requirement, Privacy Ref’s tables identify the source of the requirement, a plain language description of the requirement, and the status of your organization compared to the requirement. No legalese. No equivocation. Just a simple to understand statement about where you stand.

The same is true for the recommendations we make. We provide an east-to-understand chart identifying the risk and effort for each recommendation, allowing you to quickly see the “low hanging fruit” to improve your program.

At the end of the engagement Privacy Ref will provide an Executive Briefing to present the findings, recommendations, and proposed next steps.

Framework sample

The Privacy Ref Team

Each assessment is conducted by two Privacy Ref team members. This allows for individuals with different experiences and perspectives to participate in the process. At least one of the team members participating will be a Senior or Lead Consultant.

Every Privacy Ref consultant has at least one certification from the International Association of Privacy Professionals (IAPP). Senior and Lead Consultants are also recognized as Fellows of Information Privacy by the IAPP or have similar professional accreditations.

About Privacy Ref

Privacy Ref emphasizes alignment of privacy practices with clients’ organizational and operational goals through assessments, consulting, and training services. We offer tailored solutions to enhance existing data privacy programs or help develop new ones, using our experience and industry best practices. Your goals drive the hands-on approach of Privacy Ref consultants. We develop effective processes that minimize disruption to day-to-day operations, creating a custom privacy program unique to your business needs.

Privacy Ref offers one of the most cost-effective approaches to privacy in the industry.

Start your Privacy Program Assessment Today

Gain a deep understanding of your privacy program. Contact Privacy Ref to schedule a consultation. 

Contact us

Helping SMBs and enterprises build strong data privacy programs

Our Services

Fractional Services
Consulting Services
Training and awareness