General Data Protection Regulation (GDPR) Readiness
The focus of the privacy world has been dominated in recent years by a single new legal framework: the European Union General Data Protection Regulation (“GDPR”). In May of 2018 the GDPR will replace the existing EU Data Protection Directive which has been in place for over 20 years. Historically, the EU has set a model for privacy that many countries across the globe have chosen to follow. It is anticipated that the GDPR will continue that trend.
Now is the time to start your preparations to operate under this new Regulation. Pangea privacy can help you establish and operationalize a program that meets GDPR requirements and your business needs. From assessing the current state of your privacy program, to creating a roadmap toward May 2018 and through to operationalizing required programmatic components, our teams of highly experienced practitioners will get your business positioned to meet compliance obligations under the GDPR.
International Data Transfer Strategy and Solutions
Data Transfer Strategy Development
Pangea Privacy's practitioners understand that the movement of personal information across international borders carries significant regualtory obligations and risks. Developing a strategy for cross-border transfers and compliance requires not only a clear understanding of the flow of data, but also the applicable regulations and available solutions. Determining whether to rely on Consent, Model Contracts, Privacy Shield, or Binding Corporate Rules can be a confusing exercise. Pangea Privacy applies detailed analysis in full consideration of business needs, to assist organizations in developing effective strategies that optimize the use personal information for your international business..
Privacy Shield Readiness and Certification Support
In 2015, the EU-US Safe Harbor, which enabled the transfer of personal information from the EU to the US for thousands of companies, was invalidated by the European Court of Justice. In its place, the Privacy Shield Framework has been negotiated by the U.S. Department of Commerce and European Commission to provide companies with a mechanism to meet EU data protection requirements when transferring personal information from the EU to the US.
Pangea Privacy provides the expertisenecessary to assist your organization in preparing to meet the Privacy Shiled Principles and certify with the Department of Commerce for the Privacy Shield program. We have assisted early adopters of the Privacy Shield in preparing for certification by developing and operationalizing processes that meet Privacy Shield Principles (Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement and Liability).
Understanding the flow of personal information throughout its lifecycle within your business processes is a critical component of meeting your obligations to protect the privacy rights of those who entrust your organization with information about them and to meet regulatory requirements. Our mapping of data flows generates visual depictions of data flows which facilitates the application of appropriate controls to the data and transfers, demonstrates due diligence to regulators.
Pangea Privacy uses a highly efficient methodology to create data maps that will provide your internal and external stakeholders with the information they need to manage personal information and associated risks.
Privacy Program Development
For organizations seeking support in standing up a privacy program, Pangea Privacy can help with full privacy program development and support. Our services range from affordable "privacy in a box" packages of templatized program documentation, to provision of full support in developing and operationalizing robust privacy programs designed to meet business needs and limit risks associated with the collection and processing of personal information.
Your privacy policies and procedures are only as good as the uptake of your employees. Pangea Privacy provides training that will effectively communicate not only the actions your employees must take when handling personal information, but also the reasons driving the required behavior.
Our training services range from developing customized enterprise training content to the delivery of standalone modules that cover a full range of privacy and data protection rules, regulations and enterprise program requirements. As required to meet the unique needs of your business and employees, we will provide training experts to deliver live onsite training or provide online training modules that can be viewed on an on-demand basis.
Data Protection Officer (DPO) Services
Under the new General Data Protection Regulation, your organization may be required to have a DPO in place. In fact, if you're operating in certain European countries, that obligation may already exist.
Pangea Privacy has a team of professionals in Europe ready to act as DPO for your operations in the EU at highly competitive prices. Our DPOs are trained to meet regulatory requirements of the DPO function, while keeping our clients' business needs in mind.
Contact us for information on our extensive list of additional services, including:
Privacy Program Compliance Assessments
Privacy Impact Assessments
Privacy Organizational Development
Incident Response Program Development