The myriad facets of compliance with the privacy acts of various jurisdictions – the EU’s GDPR (General Data Protection Regulation), California’s CCPA (California Consumer Privacy Act), Canada’s PIPEDA (Personal Information Protection and Electronic Documents Act) and the in-force or upcoming acts of various U.S. states – can seem intimidating. But at its simplest, the GDPR (presently the most stringent) is nothing more than a blend of common sense and common decency, managed by policies and procedures to ensure consistent compliance. Depending upon the nature of a company’s business, the extent to which it will gather and process private information and, of course, the company’s (and any 3rd party processors’) location, compliance can range from relatively simple and straightforward to a substantial addition to the company’s infrastructure.
At first exposure to the regulations, it may seem that your company’s compliance efforts will require a major investment of time and resources. However, for most small to medium-sized businesses, the undertaking isn’t really that imposing. The key is to know precisely which requirements really apply to your business.
IVSEO’s Privacy Compliance Audits can help you determine to what extent the regulations apply to your company and establish effective measures to place – and keep – your business in compliance. Our audits consist of 3 phases:
Phase One: We perform an initial assessment audit to determine the extent to which we believe your company is required to comply with the regulations, focusing especially on the GDPR, noting differences to compliance requirements of the other acts, as applicable. At the completion of Phase One, we will provide a written report citing the areas in which a business in your position must implement compliant processes. We will then discuss in a call any questions you may have in order to clarify our findings.
Phase Two: We will provide your designated representative a roadmap to guide them in structuring your compliance program and implementing the appropriate documentation of processes and actions, to include collaborating with them on the formulation of both public-facing and internal policies and procedures.
Phase Three: After your team has completed their work, we will again perform a review audit to ensure that all recommendations have been successfully implemented and are fully functional. In addition, we will issue a second report, detailing all actions taken, tests performed and all policies and procedures put in place, as documentation of your efforts for your records.
Throughout the process, we remain available for clarification and consultation, to help ensure your compliance is effective and well documented, with minimal impact to your organization’s bottom line.
IVSEO is intently focused on helping small to medium businesses structure their privacy compliance efforts in the most cost-effective fashion possible, in order to provide a system that’s sustainable without being unnecessarily cumbersome. Contact us today to discuss how we can help you over any privacy protection hurdles you face.
If you prefer to make informed decisions, rather than depend upon others to tell you what you need to do… Bravo! We’re always pleased to see site owners take the initiative to learn how to be more successful.
To make it easier for you to find what you’re looking for, we’ve prepared a handy complete copy of the GDPR, with a navigable table of contents. If you do business in the U.S., you may also be interested in looking at our copy of the California Consumer Privacy Act (CCPA). And for Canada, we’ve added a similar copy of Canada’s Personal Information Protection and Electronic Documents Act.
Disclaimer: We are not attorneys, so our assessment and remediation advice is based upon our good-faith understanding of the EU’s General Data Protection Regulation (GDPR) and the stance of the UK’s Information Commissioner’s Office (ICO) in terms of compliance. If you have questions that require specific legal interpretations, you should consult an attorney who specializes in privacy issues and compliance with any applicable privacy acts.