Privacy Risk Assessments
Identify privacy risks and build remediation plans.
Business teams must understand personal data flows and privacy risks that result from a new product launch, global expansion, or merger and acquisition activity. They also need to understand the privacy impacts of new legal and regulatory threats or increased scrutiny from governmental authorities.
TrustArc Privacy Risk Assessments
TrustArc Privacy Risk Assessments entail a systematic evaluation of how personally identifiable information is collected, used, shared and maintained by an organization. The privacy risk assessment process provides development teams with the greatest opportunity to shape the evolution of products and services for successful business outcomes with as few privacy risks as possible.
Our Proven, 5-Step Process
Our process is based on two decades of experience delivering privacy services to thousands of clients around the world:
Through a series of interviews, we work with your team to find any personally identifiable data collected or used in the product or processes at issue. Then we fully map those data flows from the point of collection through storage and processing. We also map any resources involved in processing, retention, and deletion. Together we will gather supporting documents, including requirements documents, specs, database schemas, and third-party data protection agreements.
The Data Inventory is mapped to the relevant products, systems, and business processes, and data elements are classified according to purposes, uses, and associated risk levels. We apply our scanning technology to applicable websites and mobile apps, shedding light on trackers and tracking technologies used, with Privacy Sensitive Index (PSI) scoring and insight into personally identifiable information (PII) data collection.
Our consultants analyze your stated privacy policies and data management practices alongside the applicable frameworks, which depend on the nature and location of the relevant product or processes. Our methodology includes a broad look at risk factors, including those introduced by service providers, vendors and other third parties.
From the compliance review, our consultants provide you with a Findings Report & Gap Analysis outlining the full data lifecycle analysis and risk classification, and describing any gaps found versus the applicable frameworks and against industry best practices. For each gap, we provide a recommended remediation measure, with required and best-practice changes.
Armed with our gap analysis and remediation recommendations, we can assist in the development of policies and training programs, provide sample language and templates, and validate remediation steps.