Data privacy services are concerned with the appropriate and legal use of personal and sensitive personal data throughout the data’s lifecycle. This includes how data is collected, processed, stored, maintained, protected and disposed of irrespective of the format and systems used.
Elevate offers comprehensive data privacy services to assess and advise on how you can manage, protect and process the personal data of both your customers and staff in line with your legal and regulatory obligations. Elevate has worked with several companies with U.S. and international data privacy requirements (e.g. Europe, Singapore, Russia, Latin America, HIPAA) and can therefore help you assess your data privacy compliance against state-level and/or international requirements.
Data privacy requirements vary by legislation in how information can be first collected, maintained and/or transported across borders. However, the overall requirements and best practices are, for the most part, consistent across regulatory and government requirements.
Elevate can help you assess your overall Data Privacy Program to ensure compliance with each specific legislation/mandate, and assess across requirements so that you can efficiently manage your Data Privacy Program.
Data Privacy Services provided by Elevate:
Understanding how you collect, process, transmit and store data, as well as how you use it and who uses it in your organization, is the foundation of your Data Privacy Program and the key to complying with most privacy regulations. However, we find that in many cases the exact flow of sensitive data is unclear and not well documented, which enables exposure and increases the risk of data loss.
What we do:
- We seek to understand the information life cycle of sensitive information for key processes throughout the business.
- We evaluate the strength and effectiveness of controls and safeguards.
- We create a master repository of information life cycle details, including data element types, collection mechanisms, transfers, privacy and security practices and transfers to third parties.
- We establish a sensitivity index to focus control enhancements on the areas of highest privacy and security risk.
This is done with both manual and automated techniques to gather and document the entire picture.
According to the EU GDPR, Privacy Impact Assessments (PIAs), also known as Data Protection Impact Assessments (DPIAs), must be conducted when specific privacy risks to the rights and freedoms of data subjects arise. Additionally, any privacy best practice standard (e.g. AICPA Generally Accepted Privacy Principles (GAPP)) has similar requirements.
Your company may already be conducting PIAs, but with an ad hoc approach through emails, phone calls and spreadsheets. Elevate can help you develop and support your PIA program and train your team.
Like any other gap analysis, the first step is to understand the scope of the engagement, then determine which regulation, standard and/or set of requirements applies, and then effectively determine where you stand against the requirements. Elevate has the subject matter expertise to navigate with you through your specific needs.