The Privacy Review and Assessment service is designed to support organisations in optimising their data management practices while adhering to stringent privacy regulations. By implementing our recommended strategies, organisations can reduce compliance risks, enhance data security, and build trust with customers and stakeholders.
Let us help you safeguard your data and navigate the complex landscape of data privacy regulations. Contact us today to schedule a consultation and take the first step toward a more secure and compliant data management approach. Your data is your asset—protect it with confidence.
The Data Privacy Review & Assessment service is designed to empower organisations to effectively manage their data while ensuring adherence to privacy regulations such as the Privacy Act, GDPR, CPRA, and other relevant Australian laws.
The Data Review & Assessment service employs a multi-faceted approach to evaluate an organisation’s data management policies, practices, and systems:
- Stakeholder Workshop: We facilitate a collaborative understanding of privacy requirements by conducting workshops with key internal and external stakeholders. This step is crucial in identifying concerns and gathering valuable insights.
- Face-to-Face Interviews: We conduct in-depth interviews with key personnel to gain insights into specific data management processes and practices that relate to privacy law & compliance.
- Documentation and Material Review: We conduct a thorough analysis of your existing documentation, architecture diagrams, website content, and marketing materials to assess your current state of data privacy compliance.
Our Data Review & Assessment service aims to provide organisations with actionable insights and recommendations:
- Privacy Risk Assessment: A report highlighting key risks in your data management practices, such as data collection, retention, security, cross-border data transfers, and transparency in marketing materials.
- Recommended Strategies: We offer clear and tailored strategies to address identified risks and enhance your data management practices. These strategies are aimed at reducing exposure to compliance risks while improving data privacy.
- Compliance Enhancement: Our service guides you in aligning your data handling practices with the requirements of the Privacy Act, GDPR, CPRA, and other relevant laws, ensuring regulatory compliance.
- Data Security Enhancement: We provide recommendations to strengthen your data security measures, including encryption, access controls, and monitoring.
- Transparency Improvements: We help update your website content and marketing materials to provide clear, accessible information about data handling practices, privacy policies, and individual data rights.
Focus of the Review
The Privacy Review & Assessment covers a range of areas to give a complete view of your current compliance with regulation, and of the processes, policies and practices that should be in place so that you comply to the best of your ability.
The Privacy Act: The Privacy Act is the Australian law that regulates the handling of personal information by organisations. It focuses on principles of data privacy, consent, transparency, and security, ensuring individuals have control over their personal data. The review compares your current approach against the Privacy Act and its associated guidelines to determine where risk exists.
GDPR (General Data Protection Regulation): The GDPR is a comprehensive European Union regulation governing data protection and privacy for European citizens. Our review includes the requirements under GDPR not currently covered by the Privacy Act.
CPRA (California Privacy Rights Act): The CPRA is a Californian privacy law that expands on the California Consumer Privacy Act (CCPA). If you are managing the personal information of US citizens, this is a regulation you may also be required to comply with.
Data Classification Process: Data classification is the systematic categorisation of data based on its sensitivity and importance. This process enables you to identify and apply appropriate security measures to protect data, ensuring it is handled in accordance with privacy regulations. We will review data classifications to ensure they effectively support your needs.
Data Governance: Data governance is a framework that defines roles, responsibilities, and processes for managing and protecting data. It ensures data is well managed, reliable, and compliant with privacy laws and other regulations. This includes the use of a data catalogue that captures where and how you are storing, using and managing personal information.
Team Skills and Knowledge: Team skills and knowledge refer to the collective competencies of the individuals responsible for data management and privacy compliance. We assess current materials to ensure the team possesses the necessary skills and knowledge to implement effective data protection strategies and ensure adherence to privacy regulations.
Right to be Forgotten (RTBF): The right to be forgotten is a legal concept that empowers individuals to request the removal of their personal information from online platforms and search engine results. This right, enshrined in the GDPR and soon to be part of the Australian Privacy Act, grants individuals more control over their data. We will review your RTBF processes to assess their effectiveness.
Data Retention Policies: The review will examine your data retention policies that specify how long data should be stored and under what conditions it should be disposed of. This helps you comply with privacy regulations by minimising data retained beyond its useful life.
Data Lineage: We will examine how you track and report on data lineage, the tracking of data as it flows through an organisation's systems. It provides a clear picture of how data is collected, processed, and shared, aiding in compliance with privacy regulations and accountability.
Privacy Impact Statements: Privacy Impact Statements (PIAs) assess the potential privacy risks of a project, system, or process. They help you identify and mitigate privacy concerns to ensure compliance with privacy laws. The review assesses your use of PIAs as part of your data governance practices.
Data Governance Council: A Data Governance Council is a group responsible for establishing data governance policies and practices. It ensures that data management aligns with privacy regulations and organisational objectives. The review will examine the structure and activities of your data governance council with specific focus on personal information.
Security and Access Controls: Security and access controls are measures implemented to protect data from unauthorised access, alteration, or disclosure. We will review your controls to determine their effectiveness for safeguarding personal information and maintaining compliance with privacy laws.
Data Collection: Data Collection Statements are disclosures provided to individuals when their personal data is collected. We will review your statements to ensure they state the purpose of data collection, how the data will be used, and the individual's rights regarding their personal information. They are a fundamental element of transparency and consent under privacy regulations.
Typical Review Process
The Privacy Review & Assessment will typically require 20 days of effort, delivered over a 4 to 6-week timeframe. Below is an example of the activities over this period.