Contact us today to receive your complimentary discovery session 

YOUR COMPLIMENTARY DISCOVERY SESSION INCLUDES:

Dedicated time with a PCG General Data Protection Regulation Expert

A review of your GDPR current-state and desired future-state

A roadmap outlining your goals and strategies

OR

Call Now: 800-731-7153

Accountability

The establishment of clear Data Protection & Privacy leadership within an organization; a Data Protection Officer or others that create and pursue a data protection & privacy roadmap, and proactively articulate the organization’s stature regarding data protection & privacy. An effective governance framework helps organizations prepare for the developing patchwork of regulations and oversee the integrity, availability and security of their data.

Data & Process Management

Policies establish principles such as stewardship, master & meta data practices, protection standards, and quality controls, throughout a data element’s lifecycle. Data and process inventories help manage what information is being accessed, and where and with whom it resides. In combination, effective policies and inventories help companies meet compliance standards and maintain a holistic view of its data landscape.

Third Party Management

Relationships with any third parties that process data on your company’s behalf should be governed by contracts that require them to maintain appropriate technical & organizational measures for protecting and ensuring the privacy of that data. Additionally, companies should employ a risk-based, prioritized approach to audit their third parties on an ongoing basis to ensure they are meeting the data protection & privacy obligations required of them.

Data Transfers

Many regulations specify enhanced security measures for international data transfers, but it is our view that companies should apply a similarly high level of care in the form of technical and organizational measures to domestic transfers and third-party transfers as well. Common solutions include secure transfer tools, encryption, tokenization, data masking, minimization, pseudonymization, anonymization, and more.

Risk Management

Leading companies understand that following a data protection & privacy roadmap is really a series of ongoing exercises in Risk Management, with the completion of projects and tasks prioritized by the amount of risk they pose to the company if left unresolved. All information related risks should be managed accordingly to ensure the company’s data is adequately protected.

Security

Recognized security frameworks such as NIST, CIS/SANS 20 and ISO 27001 provide accredited assurance that companies have appropriate technical and organizational security measures for safeguarding their data and other IT related assets. Security Policies, Incident Response Plans, Acceptable Use Policies and more, work in concert to weave a security posture that incorporates leading practices to safeguard your organization.

Regulatory Engagement

Regulations and restrictions dictating what companies may do with data are spreading around the globe. Nearly every data category – from health information, to credit card data, to financial data, to personal information and more – is governed by compliance requirements. Companies must understand those requirements and how to interact with the different governing entities.  

Data Subjects, Privacy Policy, Purpose

GDPR grants EU data subjects certain rights that give them authority to decide what organizations may do with their personal data. Organization’s privacy policies should inform data subjects about the use of personal data, the purpose of collecting it, and mechanisms and procedures in place to field data subject requests. Simply acknowledging these rights is not enough. Companies must ensure that consumers can easily exercise their rights and comply with the requirements for each type of request.

Data Breach Management

Data breach management plans provide a repeatable framework for assessing breach impact, remediating issues, and notifying impacted parties and regulatory bodies. Leading practices indicate that organizations should implement and test their plans to verify they are able to evaluate breach exposure, establish remediation plans and notify parties within 72 hours of identifying the breach.

Provide Top Talent

PCG employs subject matter experts and leaders across all areas of the GDPR.

Deliver Tailored Approaches

Every organization has unique challenges and demands that require flexible service offerings.

PCG solutions balance people, processes and tools to help drive change and stakeholder alignment.

Drive Organizational Change

THIRD PARTY AUDIT SOLUTIONS

This service analyses current practices, and the development of a right-fit, risk-based capability to ensure that the client can validate that their vendors or third-parties follow appropriate organizational and technical data protection & privacy measures. It’s commonly used by organizations with informal, burgeoning or maturing vendor management programs that lack data protection and privacy subject matter expertise.

OUTSOURCED THIRD PARTY AUDIT SOLUTIONS

This service provides companies an outsourced third-party audit function (vendor onboarding & a regular cadence) that emphasizes organizational and technical security control reviews and data protection and privacy. This service is commonly used by organizations that utilize many vendors or those that do not have established third party management programs.

GAP ANALYSIS

This service analyzes the current-state of GDPR components, alongside required or best practices, to identify gaps and actionable recommendations. We offer two versions of the gap analysis; an accelerated approach for scoping or reporting purposes, and a deep-dive approach for detailed planning on larger initiatives.

MATURITY ASSESSMENT

This service assesses the current-state of the GDPR components and processes to determine the degree of maturity. The results of the assessment are mapped to a capability maturity model that also includes the findings, level designation, and roadmap to deliver upon stakeholder expectations.

CONTROL EVALUATION

This service evaluates the current-state of GDPR control effectiveness with the goal of measuring or improving upon the desired result. We offer two forms of this evaluation; an "assessment of controls" through qualitative evaluation or an "audit of controls" through quantitative and statistically relevant sampling.

CERTIFICATION EVALUATION

This service provides an assessment focused on specific regulatory requirements, or certification mechanisms such as ISO 27001, NIST, and SANS20. This assessment helps identify non-conformities and is designed for companies needing to undergo an audit or certification process.

OUTSOURCED DATA PROTECTION OFFICER

Retainer based access to a data protection and privacy subject matter expert with expertise in GDPR compliance. This resource may partner with an organization’s data protection and privacy leadership or governance team to help prioritize work items, offer guidance on leading practices, and interpret regulatory requirements when applicable on a regular basis. 

OUTSOURCED DPIA SERVICES

Retainer based access to PCG resources who will conduct or review DPIAs on your organization’s behalf, as needed. 

IMPLEMENTATION

This service provides an opportunity to outsource the implementation of solutions or remediation of GDPR gaps. PCG’s team includes the required resources such as strategic advisors (senior practitioners), project oversight resources (program/project management), supporting team members (analysts, subject matter experts) and applicable third-party vendors. 

MANAGEMENT CONSULTANTS

PCG employs program and project managers that will help drive your GDPR compliance project to completion. Our consultants bring a deep understanding of project management and years of experience leading projects. Their strategic and tactical knowledge allows them to seamlessly oversee the scope, schedule, budget, risk and quality.

Click below to see our offerings:

OPERATIONS

This service provides companies the ability to outsource operational components of GDPR with the goal of attaining higher or equal value at a lower overall support cost. Ancillary benefits include improving the core business focus, freeing up internal resources, and gaining access to world-class resources and capabilities.

CORE TEAM MEMBERS

PCG employs a staff of GDPR architects, analysts, and subject matter experts that play a key role in overall project success. This service provides organizations an avenue to tap into these resources to help deliver the project.  Our team members will facilitate the collaboration leading to solutions for your most complex challenges.

DELIVERABLE BASED SERVICES

If you desire an individual or set of deliverables, PCG may provide template artifacts or hands-on support in drafting and implementing specific deliverables such as a privacy policy, information security policy, data breach plan (incident response plan) process inventories and more.