
Privacy Risk Assessments

Identify privacy risks and build remediation plans


TrustArc Privacy Risk Assessments entail a systematic evaluation of how personally identifiable information is collected, used, shared and maintained by an organization. The privacy risk assessment process provides development teams with the greatest opportunity to shape the evolution of products and services for successful business outcomes with as few privacy risks as possible.

Our Proven, 5-Step Process

Our process is based on two decades of experience delivering privacy services to thousands of clients around the world:

Step One

Data Inventory

Through a series of interviews, we work with your team to find any personally identifiable data collected or used in the product or processes at issue. Then we fully map those data flows from the point of collection through storage and processing. We also map any resources involved in processing, retention, and deletion. Together we will gather supporting documents, including requirements documents, specs, database schemas, and third-party data protection agreements.

Step Two

Risk Clarification

The Data Inventory is mapped to the relevant products, systems, and business processes, and data elements are classified according to purposes, uses, and associated risk levels. We apply our scanning technology to applicable websites and mobile apps, shedding light on trackers and tracking technologies used, with Privacy Sensitive Index (PSI) scoring and insight into personally identifiable information (PII) data collection.



Step Three

Policy & Practices Compliance Review

Our consultants analyze your stated privacy policies and data management practices alongside the applicable frameworks, which depend on the nature and location of the relevant product or processes. Our methodology includes a broad look at risk factors, including those introduced by service providers, vendors and other third parties.





Step Four

Findings Report & Gap Analysis

From the compliance review, our consultants provide you with a Findings Report & Gap Analysis outlining the full data lifecycle analysis and risk classification, and describing any gaps found versus the applicable frameworks and against industry best practices. For each gap, we provide a recommended remediation measure, with required and best practice changes.

Step Five

Policy & Practices Change Guidance

Armed with our gap analysis and remediation recommendations, we can assist in the development of policies and training programs, provide sample language and templates, and validate remediation steps.





Assess your privacy risks and compliance versus a wide range of standards