Program objective:

• Assess company’s state of compliance for European privacy regulations – GDPR (General Data Protection Regulation).
• Develop a plan and implement measures to ensure the company in in a defensible position with regards to compliance.
• Projects
  • Privacy Impact Assessments
  • Contracts & Policies
  • Consent Management
  • Subject Access Rights
  • Data Security
  • Training

The program goals were achieved through:

• Conduct privacy impact assessments and process inventory to identify high risk gaps
• Prioritize high risk processes and organize workstreams to mitigate the risks.
• Secure resources, develop plans

Key accomplishments:

• In a five month time frame the highest priority items, in terms of risk, were identified and addressed in the following areas:
  • Development of privacy breach response plan.
  • Updating of privacy policies.
  • Updating of privacy notices, cookie notifications, consents agreements.
  • Updating of contracts with third party vendors (data processors).
  • Amelioration of consent management process.
  • Privacy training for employees.
  • Implementation of processes to address subject access rights.
  • Development of technology roadmap for tools & systems to improve data security.
  • Implementation of several measures to improve data security: (data encryption, network encryption, etc…).