Privacy Assessment

From GDPR to CCPA, along with so many other new data privacy laws going into effect, knowing which laws and regulations you need to comply with may seem like a daunting task. At KirkpatrickPrice, we want to help your organization navigate your privacy obligations and enhance your privacy practices. We have a built a team of privacy experts to perform assessments, and they are watching enforcement trends, state laws, and federal legislation closely to ensure that the personal data you are responsible for is protected.

Why Work with KirkpatrickPrice for Privacy Compliance?

In a highly data-driven world, it’s our responsibility to help protect organizations and consumers from data and privacy breaches. Privacy assessments at KirkpatrickPrice review and test controls that impact personal data. Our Information Security Auditors are equipped with the knowledge and expertise to perform the following services.

GDPR – The GDPR is a mandate that impacts how organizations market, collect, process, use, and store EU data subjects’ personal data. Regardless of their location, companies that collect or process the personal data of EU data subjects must comply with GDPR.

CCPA – The purpose of CCPA is to give consumers more rights related to their personal data, while also holding businesses accountable for respecting consumers’ privacy.

SOC 2 with Privacy – When a service organization chooses the privacy category as one of the TSPs to be included in a SOC 2 audit, the auditor will assess if personal information collected, used, retained, disclosed, and destroyed is in accordance with privacy notices and business objectives.

HIPAA Privacy Rule – The HIPAA Privacy Rule regulates appropriate use and disclosure of PHI, patient access to PHI, and patient rights. The Privacy Rule is crucial for HIPAA because without it, healthcare organizations could disclose and distribute PHI without the consent of the individual.

Consulting – Not ready to go through a full privacy assessment yet? Unsure of what your privacy requirements are? Our privacy experts are available to sit down with your team, understand your business, and make recommendations on what types of privacy controls you should implement.

Custom Privacy Assessments – Our tool, the Online Audit Manager, is able to customize privacy assessments to meet the needs of your organization. Maybe that means auditing a state-level privacy requirement or combining a privacy assessment with another audit. Whatever your organization needs, we’re here to help.

Choosing KirkpatrickPrice as your privacy partner will help you avoid the steep fines associated with non-compliance and demonstrate your privacy commitments to your global partners. Connect with us today to learn about the time it takes to complete a privacy assessment, understand the cost, learn about upcoming legislation, and take part in a free demo of the Online Audit Manager.

Privacy Assessment & Compliance FAQs

How much does a privacy assessment cost?

Pricing for a privacy assessment depends on scoping factors, including how many records you hold, what type of assessment you need, third parties, and if the audit is combined with any others. Pricing will also vary with the inclusion of a gap analysis or additional remediation time.

How long does a privacy assessment take to complete?

The average privacy assessment, using KirkpatrickPrice’s process, is completed in 12 weeks. The engagement begins with scoping procedures, then moves into an onsite visit, evidence review, report writing, and concludes with the report delivery. This timeline is extended when a gap analysis must be performed or when remediation takes longer than expected.

Is there a certification for doing a privacy assessment?

When your organization completes a privacy assessment, you receive a report stating the auditor’s opinion on the effectiveness of your controls regarding the processing and protection of personal data. These reports are not a certification. In fact, any firm that touts “GDPR certification” or “CCPA-certified” isn’t in touch with how compliance actually works. There are things like the IAPP’s CIPAA/E, CIPM, or FIP certifications, but those are given to individuals, not organizations. The ICO recently announced it’s working with the UKAS to create an ICO-approved certification scheme, but that certification is not established yet and will be voluntary. At this time, there is no mandatory, worldwide, or industry-accepted certification for privacy laws. There is only compliance that you can work towards.

How long is a privacy report valid?

The opinion stated in a privacy report is valid for twelve months following the date that the report was issued.

Click for More Privacy FAQs

What’s the difference between GDPR and CCPA?

How does GDPR impact privacy policies?

How does CCPA impact privacy policies?

Who enforces GDPR?

What happens if you’re non-compliant with GDPR?

How Can a Privacy Assessment Benefit Your Organization?

Although compliance with privacy laws presents overwhelming challenges for many companies, being proactive in your compliance efforts can be extremely valuable to your company. You’re able to build customer trust with digital consumers who are fearful of unwanted follow-up, sales pitches, and spam. Privacy laws can push your company to put the user experience first and demonstrate that you respect user preferences. You can also widen your reach by giving you the opportunity to market to new data subjects. Maybe more importantly of all, achieving compliance now can reduce the likelihood of likelihood that your organization will face regulatory investigations and fines.