The evolving legal and regulatory landscape continues to impact on technology innovation, data commercialisation and digital services, presenting challenges to organisations in their collection and use of personal data. Organisations can find themselves going around in circles between different internal stakeholders and control functions, as they seek to strike a balance between managing their legal, reputational and operational risks alongside their commercial and strategic objectives.

Business-Focused Privacy Compliance

We confront your challenges, protect your interests and provide you with solutions that bring long-term value. Our experts bring years of expertise and experience of advising and supporting leading organisations on all aspects of their data compliance and privacy risk management including:

• Global Privacy Programme Management – guiding senior management in the design, implementation and improvement of their organisation’s privacy function.
• Privacy Strategy & Governance – ongoing privacy notice and regulatory horizon scanning, and designing and implementing privacy frameworks, policies and procedures. 
• Privacy Office Advisory Support – interim advisory support to implement, refine and deliver programme activities through to business as usual transition.
• International Data Transfer Strategy Support – advisory and implementation support to identify, risk assess and rationalise cross-border data flows in line with legal and business objectives. 
• Privacy Transactions Services – privacy due diligence support for corporate transactions, data privacy function integration and privacy governance, business and technology alignment.
• Privacy Technology Advisory – privacy technology integration and support across a wide range of commercially available privacy tools and technologies.
• Technology, Transformation & Innovation – management of privacy and data compliance requirements relating to the deployment of new technologies and data innovation and initiatives

Global Privacy Programme Management

Guiding senior management in the design, implementation and improvement of their organisation’s privacy function including:

• Privacy governance, organisational roles and compliance responsibilities
• Resourcing, budget planning and buy-in
• Privacy risk management and data compliance frameworks and alignment with specific locations, functions and data management activities
• Privacy metrics, risk reporting, management dashboards and compliance monitoring

Privacy Strategy & Governance

Ongoing privacy notice and regulatory horizon scanning, and designing and implementing privacy frameworks, standards, policies, procedures and work-flow processes supporting activities such as:

• Developing global privacy notice and control frameworks to reflect local requirements, e.g. GDPR, CCPA
• Monitoring international privacy notice, regulatory affairs and industry strategy horizon scanning
• Developing digital and data ethics strategy and ESG assessments for privacy
• Implementing and operationalising privacy and data compliance change  
• Managing international data transfers
• Updating privacy notices and consent
• Implementing personal data incident management  
• Integrating processes and procedures for data subject rights and access requests
• Embedding Privacy by Design (PbD) principles and protocols
• Developing records of processing activities and data mapping
• Establishing and Improving Data Protection Impact Assessments (DPIA), Privacy Impact Assessments (PIA), Legitimate Interests Impact Assessments, privacy risk reviews and audit plans
• Addressing privacy risk and data compliance within vendor and service provider risk management

Privacy Office Advisory Support

Privacy support to implement, refine and deliver programme activities through to business as usual transition, providing interim advisory support for areas including:

• Privacy Impact Assessments (PIA)
• Product assessments
• Vendor assessments and contract reviews
• Records of processing activities and related inventories and data maps
• Data subject rights management
• Privacy compliance health checks
• Privacy office effectiveness reviews and improvement plans

International Data Transfer Strategy Support

Advisory and implementation support to identify, risk assess and rationalise cross-border data flows in line with legal requirements, localisation rules and business objectives, e.g. offshoring, including:

• International data flow mapping
• Transfer impact and risk assessments
• Data transfer mechanism recommendations and implementation
• International data transfer policies, procedures, technology and tooling
• Implementing and maintaining adequacy measures such as Standard Contractual Clauses and Binding Corporate Rules

Privacy Transactions Services

Privacy and data compliance reviews and due diligence support for corporate transactions, as well as data privacy function integration and Day 0/1/2 preparations around privacy governance and business and technology alignment including:

• Mergers and Acquisitions (M&A)
• Initial Public Offerings (IPO)
• Joint Ventures (JV)
• Business and technology carve-outs
• Restructuring

Privacy Technology Advisory

Privacy technology integration and support across a wide range of commercially available privacy tools and technologies including:

• Layered and dynamic questionnaires supporting the triaging and risk scoring of privacy-related assessments
• Process improvement and efficiency saving including privacy compliance automation in areas such as legal, information/cyber security, vendor/procurement and privacy-related assessments and monitoring
• Risk reporting for privacy including senior management privacy and data compliance dashboards and related metrics

Technology, Transformation & Innovation

Management of privacy and data compliance requirements relating to the deployment of new technologies and data innovation and initiatives including the use of:

• Advertising and tracking technologies
• AI and machine learning
• Blockchain and Internet of Things (IoT)
• Cloud migration of services and data
• Profiling, data analytics and big data