Privacy Assessment & Compliance FAQs
How much does a privacy assessment cost?
Pricing for a privacy assessment depends on scoping factors, including how many records you hold, what type of assessment you need, how many third parties are in scope, and whether the audit is combined with any others. Pricing will also vary if a gap analysis or additional remediation time is included.
How long does a privacy assessment take to complete?
The average privacy assessment, using KirkpatrickPrice’s process, is completed in 12 weeks. The engagement begins with scoping procedures, then moves into an onsite visit, evidence review, and report writing, and concludes with delivery of the report. This timeline is extended when a gap analysis must be performed or when remediation takes longer than expected.
Is there a certification for doing a privacy assessment?
When your organization completes a privacy assessment, you receive a report stating the auditor’s opinion on the effectiveness of your controls over the processing and protection of personal data. These reports are not a certification. In fact, any firm that touts “GDPR certification” or “CCPA-certified” isn’t in touch with how compliance actually works. There are credentials such as the IAPP’s CIPP/E, CIPM, or FIP, but those are awarded to individuals, not organizations. The ICO recently announced that it is working with UKAS to create an ICO-approved certification scheme, but that scheme is not established yet and will be voluntary. At this time, there is no mandatory, worldwide, or industry-accepted certification for privacy laws. There is only compliance that you can work towards.
How long is a privacy report valid?
The opinion stated in a privacy report is valid for twelve months following the date that the report was issued.