Readiness Assessment Services
International, federal, and state data privacy laws along with the emergence of privacy focused control frameworks have created a complex web of compliance requirements for organizations to consider within their data privacy programs.
Our readiness assessment services can help you evaluate your data privacy maturity, identify gaps against the compliance initiatives that apply to you, and communicate industry best practices. Our attestation reports can serve as a tool to demonstrate your data privacy posture to current or potential clients, investors, regulatory bodies, and other stakeholders.
General Data Protection Regulation (GDPR)
The GDPR is a comprehensive data privacy and security regulation established by the European Union (EU) to protect the personal data of individuals in the EU (data subjects), regardless of their citizenship. The GDPR applies to organizations established in the EU that process personal data, and to organizations anywhere in the world that offer goods or services to individuals in the EU or monitor their behavior. The GDPR therefore reaches most major entities, and non-compliance can carry substantial penalties, with administrative fines of up to EUR 20 million or 4% of annual worldwide turnover, whichever is higher.
HIPAA Privacy Rule
The HIPAA Privacy Rule sets federal standards for protecting individually identifiable health information, known as protected health information (PHI), against improper use and disclosure. Its provisions apply to covered entities (health plans, health care clearinghouses, and health care providers that conduct certain transactions electronically) and, under the HITECH Act, to their business associates; all of these can be subject to audits and enforcement by the Department of Health and Human Services Office for Civil Rights (OCR).
California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
The CCPA, together with the amendments enacted by the CPRA, is the first comprehensive (industry-agnostic) privacy law in the United States. It was enacted by the California legislature to give California residents rights and protections regarding their personal information. Similar to the GDPR, the CCPA has broad implications and potentially hefty fines and penalties. The CCPA applies to any for-profit organization that does business in California, collects personal information of California residents, and satisfies at least one of the following criteria:
- Has annual gross revenues in excess of $25 million (a figure the CPRA requires to be adjusted periodically for inflation).
- Buys, sells, or shares the personal information of 100,000 or more consumers or households (the CPRA raised this threshold from the original 50,000).
- Earns more than half of its annual revenue from selling or sharing consumers' personal information.