Reviews

Privacy Ref’s Program Review takes a top-down approach to provide a high level evaluation of an organization’s privacy program and practices. The focus is on actual day-to-day activities of individuals and how they handle personal data as well as the applications and business activities used to process data. This allows us to focus on a rapid, minimally invasive interview and observation process that can take place over a few business days.

Privacy Program Review Process

  • Review of client-supplied artifacts
  • Minutes for review and approval after each meeting
  • Preliminary Review document for review and acceptance
  • Final Review document

After defining the scope, we schedule a kickoff meeting with your organization’s project sponsors to review the schedule, logistics, and deliverables of the process. During this meeting we also discuss program areas of concern where you want us to focus.

Artifact Review

The process continues with your Privacy Ref consultant reviewing documents and other artifacts related to your privacy program. The goal is to understand your business, policies, and procedures before we begin our discussions with your team, saving time for everyone involved.

Interview/Discussions

Privacy Ref will hold up to ten (10) interviews with key individuals and stakeholders that you identify from various areas of your company asking them about their daily routines and how they handle personal information. Each session may include more than one of your team’s members.

After each session we produce minutes for the participants to approve.

We primarily conduct interviews remotely, however, face-to-face or multi-location options are available.

Preliminary Review Report Delivery

Based on all the information gathered, your Privacy Ref consultant will draft a preliminary report.
The Preliminary Privacy Review Report includes:

  • A discussion of Privacy Ref’s methodology and our findings for the Review
  • Documentation of our understanding of your current privacy and operational environment
  • A high-level review of your compliance with applicable privacy laws and regulations

We provide the preliminary version of the report for you to review our observations. You can then express any concerns or questions for us to address prior to publishing the Final Review Report.

Final Review Report

The Final Review Report enhances the Preliminary Review Report by adding recommendations for improvements to your privacy program as well as an Executive Summary.

These recommendations are provided in-line with our observations and then summarized in separate sections of the report. In the summary Privacy Ref prioritizes the recommendations. As part of establishing the priorities we identify the perceived risk to the organization if the recommendation is not applied, as well as the effort anticipated to implement the recommendation.

Easy to Understand Findings

At the end of the engagement Privacy Ref will provide an Executive Briefing to present the findings, recommendations, and proposed next steps.

Helping SMBs and enterprises build strong data privacy programs

Our Services

Fractional Services
Consulting Services
Training and awareness