Back to Service Library
Service Catalog / Strategic Advisory & Professional Services / Security Program Development / Privacy Regulatory Relevance & Program Design
158PRRPD Base

Privacy Regulatory Relevance & Program Design

On this page

    Service Overview

    Many businesses face security and privacy compliance requirements. Understanding the path to compliance can be difficult and a lack of clarity can lead to controls that are too expensive, overbearing, or on the opposite end of the spectrum, simply not adequate or reasonable. These gaps may cause minor inconveniences or significant damages and they may result in severe financial penalties, loss of public trust, and damage to corporate reputation.

    Objectives

    The objectives of this initiative are as follows:

    • Identify relevant privacy regulations based upon footprint and operations.
    • Identify personal data processing activities with regulatory relevance.
    • Document privacy relevant process.
    • Identify geographies/jurisdictions with privacy implications 
    • Develop a preliminary set of findings, with actionable, reasonable recommendations to address any gaps identified

    Methodology

    This Regulatory Analysis and Program Design consist of the following phases:

    1. Planning - Preparation necessary to conduct an effective assessment, including:
      1. Scope Definition - Identifying the assets that will be the focus of the assessment, including people, process, and technology;
      2. Schedule Development - Scheduling, project plan creation, and resource identification.
    2. Analysis - Evaluation of controls applied to the assets defined in the Planning phase, including:
      1. Interviews, surveys, and data collection with key data and process owners 
      2. Document privacy relevance process
      3. Identify geographies/jurisdictions with privacy implications
      4. Risk-based rankings of jurisdictions and data pools
    3. Program Design - Design a sustainable privacy program to monitor compliance and remediate deficiencies for applicable regulations, including:
      1. Design sustainable 12 privacy program
      2. Analysis remediation activities at the category level based on risk
      3. Document leverageable processes and technologies
      4. Data Protection Officer requirements
    4. Documentation - Documentation of all deliverables, including:
      1. Regulatory Relevance Analysis - Prioritized recommendations for execution of the privacy program
      2. Privacy Program Design - Prioritized remediation activity list with recommendations for program execution and management
    5. Presentation - Presentation of findings to Client.

    Deliverables

    DeepSeas will produce the following deliverables:

    1. Regulatory Relevance Analysis - Prioritized recommendations for execution of the privacy program
    2. Privacy Program Design - Prioritized remediation activity list with recommendations for program execution and management

    Service Assumptions

    PROJECT-SPECIFIC ASSUMPTIONS

    1. DeepSeas will conduct up to five (5) interviews.

    Client Responsibilities

    The client is responsible for the completion of the following tasks, in accordance with agreed-upon timelines established as part of the project plan.

    1. Client to assign a point of contact (POC) responsible for client coordination and logistics.
    2. The client is responsible for scheduling and coordination of internal client resources for all project work.
    3. The client is responsible for the approval and implementation of draft documents within their organization.