Considering the massive amount of personal information being created, transferred and stored today as well as the economic, political and social concerns over transborder data flows, adherence to privacy laws and standards has proven to be a challenging imperative of doing business and maintaining a company’s reputation.
International privacy laws often vary in breadth and rigidity. Companies with a customer footprint spanning outside of their country or region may need to demonstrate compliance with the General Data Protection Regulation (GDPR), the Personal Information Protection and Electronic Documents Act (PIPEDA), and other foreign privacy principles that differ or even conflict with their own.
The invalidation of the Safe Harbor framework and negotiations between the United States and the European Union rendered a new set of standards for companies operating abroad. Understanding and carrying out the overhauled requirements of the EU-U.S. Privacy Shield will be essential for guaranteeing harmonious data flows and cementing relations with your European counterparts.
The American sectoral privacy model has given birth to an array of individual laws specific to industry and societal concerns like the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Family Educational Rights and Privacy Act (FERPA), and the Children’s Online Privacy Protection Act (COPPA). Depending on the nature of your IT products or services, you may be bound to one or more regulations, and will be expected to develop policies and procedures that comprehensively satisfy them.
Nearly all of the 50 states now have some form of privacy law in place, and state law can sometimes be even stricter than the overarching federal laws. Whether driven by statutes or common law, accounting for these business and legal obligations can be onerous.
Our team of experts can provide any of the following to assess your compliance with privacy laws and standards.
A readiness assessment helps an organization align with the requirements stipulated in a privacy framework like the GDPR or GLBA through the formal review of data privacy and security policies, procedures, and technologies in place. Ultimately, this exercise will identify those areas where compliance gaps exist and allows for necessary remediation. At the engagement’s conclusion, a report is issued for internal use to communicate the assessment’s results and provide key information on design deficiencies.
An attestation can be carried out in accordance with the standards of the American Institute of Certified Public Accountants (AICPA) to opine on the design and/or operation of the data privacy and security program in place to comply with privacy laws and standards. Attestation reports are intended for the use of clients as well as the user entities of the clients’ products and services.
If your company handles or wants to handle personal data from EU citizens, it will have to comply with and prove it meets the requirements of Privacy Shield.
Get everything you need to know about the changing Privacy Shield, how to be compliant and much more in this guide.