Data privacy continues to dominate the information technology headlines. The European Union's (EU) General Data Protection Regulation (GDPR) led the way in 2018, enhancing how individuals located in the EU can access information about themselves and placing limits on what organizations can do with that personal data. Since then, several states have moved to enact their own variations of data privacy regulation, often mirroring aspects of GDPR. The most notable of which is the California Consumer Privacy Act (CCPA), entering enforcement in 2020. What do these data privacy regulations have in common? They apply to nearly all organizations who hold personal data of customers who live in the region of the regulation, even if the organization is located elsewhere! Fines for violations can range from thousands to the millions of dollars, with several fines already being served to organizations.
Compass IT Compliance has spent the past decade working on the forefront of the data privacy movement. Our team includes Certified Data Privacy Solutions Engineers (CDPSE, certified by ISACA) who hold decades of experience across nearly all industries. We offer Data Privacy Risk Assessments to evaluate how personally identifiable data is collected, used, shared, and maintained by an organization. These risk assessments can be mapped to satisfy the requirements of various privacy regulations and frameworks, including but not limited to:
Our reports will identify gaps in controls and identify key work areas that your organization must address to achieve and/or maintain compliance with the regulation or framework. Following our assessment, we will provide detailed remediation recommendations to mitigate the risk of a data privacy incident or violation.
For organizations who wish to take the evaluation even further, we also offer our Data Privacy Audit service. Compass IT Compliance will obtain evidence to determine if your privacy controls are operating effectively to achieve your organization's objectives and satisfy regulation or framework requirements, and provide attestation of the audit along with remediation strategies. This is a deeper dive assessment when compared to the Data Privacy Risk Assessment and will include evidence sampling.
Let Compass IT Compliance assist your organization in assessing any risks present through our Data Privacy Risk Assessments so you can strengthen your customer and employee data environment, comply with regulatory compliance requirements, and save time, money, and resources in the process. Contact Us today to discuss your unique situation. Secure. Comply. Save.