
Privacy Services


Our Approach

How organizations protect the privacy of their employee, company and customer data is becoming a critical gauge of trust as executive teams look to future-proof their businesses. In addition, privacy hurdles for organizations across industries will only continue to grow as new state and federal regulatory regimes are enacted. Current state and federal requirements already impose significant financial penalties for non-compliance and are being actively enforced. At Armanino, our consumer data privacy experts provide a range of solutions designed to help business leaders combat the quickly changing landscape of privacy and breach notification laws, and maintain compliance with new regulations. Our privacy experts can help you assess and mitigate risk, develop and manage an effective data privacy and compliance plan, and differentiate yourself in the marketplace by being one step ahead.

Whether you’re just getting started, or you just want someone to handle your data privacy needs for you, we’ve developed a selection of easy-to-implement Data Privacy Managed Services Options for your team to choose from:

  • ULTIMATE – Leave It to Us
    Initial assessment and implementation of our full suite of managed services, including policy creation and maintenance, employee training, outsourced Data Protection Officer and technology tools for responding to Data Subject Access Requests to ensure that your organization can focus on your core value proposition, and leave the data privacy headaches to us.
  • ENHANCED – Maintenance with Support
    Compliance assessments and implementation guidance with ongoing support for policy maintenance, data subject access requests, and on-call service to ensure your organization’s compliance team has the support and expertise needed to maintain your data privacy compliance program.
  • ESSENTIAL – Comply Quickly
    Compliance assessments, reporting, recommendations and implementation guidance to get your organization’s privacy program off the ground.

Armanino Data Privacy Managed Services Chart

For more details on specific service offerings, see our descriptions in the following consulting and compliance sections.

Consulting Services

Armanino provides a comprehensive set of solutions to help overcome the privacy challenges faced by many of today’s leading companies of all sizes.

Privacy Managed Services

We have solutions that allow your organization to comply with complex laws such as the General Data Protection Regulation (GDPR), without investing in the cost of dedicated privacy professionals, tools and oversight. You can choose to leave it to us.

Consumers with new “data subject rights,” as well as regulatory authorities, can issue a privacy-related request to your organization. This can trigger a cascade of compliance requirements, including a short window to respond, proper authentication, tracking and documentation.

Our managed services offering focuses on having our professionals leverage technology to assume the processing of all privacy requests on behalf of your organization. We provide custom privacy centers, where our professionals can receive data subject requests, leverage tools to integrate and automate data retrieval from your internal systems (including common third-party SaaS apps), and act upon the request through to closure. We can also work with your vendors to ensure that they have procedures in place to respond to requests for which you are responsible.

Privacy Impact Assessment

Armanino can work with you and your team to either facilitate or perform a privacy impact assessment (PIA) to help you identify key data privacy risks and controls. Our specialists ensure that the PIA process is conducted efficiently, provide insight for case-specific alternatives and best practices, and educate you on how best to address your data privacy risks.

Data Inventory

We work with you to perform a detailed data inventory to identify collected pieces of personal data. Our privacy specialists leverage technology to ensure an efficient approach to performing a dynamic data inventory that can be used to support ongoing regulatory compliance.

Privacy Program Assessment

Privacy program assessment means either reviewing an organization’s entire privacy program or ensuring implementation of an organization’s privacy principles into products and services right from the start of product development. Our specialists can conduct privacy reviews for different products, services or an entire organization to help support regulatory compliance and data privacy best practices.

Outsourced Data Protection Officer (DPO)

Many organizations cannot hire an in-house DPO to ensure their organization is following data protection regulations. The duties fulfilled by a DPO are diverse and can vary depending on the nature of the organization and business. Responsibilities filled by a DPO focus on, but are not limited to, the analysis and supervision of compliance with data protection rules, communication and training, and board reporting.

Armanino has privacy experts and processes in place to serve as your outsourced DPO, allowing you to run an effective privacy program, ensure compliance, receive high quality training for your personnel, report competently to your board of directors, and rest assured that it is all done correctly.

Compliance Services

In addition to the services above, we can also work with you to ensure you are compliant with the latest data privacy regulations worldwide:

California Consumer Privacy Act (CCPA)

The CCPA was signed into law in June 2018 by Governor Jerry Brown and will go into effect in January 2020, with enforcement in July 2020. The CCPA is the first United States law following in the footsteps of GDPR, granting significant rights to data subjects and raising the specter of significant fines for organizations that collect the data of California consumers – whether or not that organization is based in California.

Armanino’s experts can help you assess your organization’s exposure and build a strong compliance program; we can also take a managed service approach for end-to-end coverage and a manageable cost of compliance.

General Data Protection Regulation (GDPR)

GDPR is a law intended to strengthen electronic data privacy for all individuals in the European Union, while creating uniform regulations for member countries.

GDPR requires businesses that control data to take into account the nature, scope, context and purpose of processing, as well as the risks of varying likelihood for the rights of natural persons, and implement appropriate technical and organizational measures to ensure and be able to demonstrate compliance.

In addition to Armanino’s managed service offerings for GDPR compliance, our other capabilities include:

  • GDPR & Privacy Program Readiness Assessment – We identify and classify personal data, conducting enterprise-wide data mapping to meet the critical requirements. This enables your organization to fully understand your compliance requirements, obtain actionable recommendations for closing gaps, and build a business case for your privacy compliance program.
  • GDPR Privacy Program Implementation – Our experts help your organization establish a robust governance program. This includes establishing the data protection officer (DPO) role; managing consent; drafting policies and procedures documentation; implementing internal controls mapped to the GDPR articles; and review, testing and independent audit of the controls. Finally, we help you define the breach notification process to supervisory authorities and data subjects.
  • GDPR training – We create and manage awareness programs through company-wide initiatives.
  • “SOC 2 Plus” with a mapping of your internal controls to GDPR requirements – A SOC 2 report is a report on internal controls at a service organization relevant to security, availability, confidentiality, processing integrity and privacy. The SOC 2 is a widely used vehicle for compliance reporting, but also a tool you can use to attract and retain customers. Armanino has successfully employed the SOC 2 Plus to give customers reliable transparency into your organization’s GDPR compliance program. This SOC 2 provides assurance that your organization maintains a sufficient set of functioning security and privacy controls to meet GDPR requirements.

Microsoft Supplier Data Protection Requirements (DPR) Compliance and Reporting

Is your organization a Microsoft vendor or supplier? If so, you are subject to the requirements of the Microsoft Supplier Security and Privacy Assurance Program (SSPA), formerly known as the Vendor Privacy Assurance Program. We can help you with your annual compliance requirements.

The SSPA program is a partnership between Microsoft’s procurement, corporate external and legal affairs, and corporate security departments to ensure that privacy and security principles are followed when suppliers process Microsoft personal data and/or Microsoft confidential data.

The scope of the SSPA program covers all suppliers globally that process Microsoft personal and/or confidential data. The SSPA program requirements are outlined in the DPR. An annual self-attestation of compliance to these standards is required. Suppliers may also be selected to provide independent verification of compliance in the form of an attestation from a certified public accounting firm.

Armanino helps dozens of clients every year with support for self-assessments and implementing best practices, as well as performing attestations.

As of December 17, 2018, Microsoft released the 2019 version of the DPR, which has been slimmed down slightly, with additional clarity on evidence of compliance added. This version will be applicable for vendors with an anniversary date in 2019.

If you need independent consulting on your self-assessment, or a full attestation of compliance, please contact one of our privacy experts.

Personal Information Protection and Electronic Documents Act (PIPEDA)

PIPEDA, or the PIPED Act, is a Canadian law relating to data privacy. It governs how private sector organizations collect, use and disclose personal information during commercial business. Armanino can help your company meet these international data privacy requirements.

Resources

The GDPR and The CA Consumer Privacy Act: A New Privacy Landscape Emerges

Both these regulations apply to companies in a variety of geographies and across industries. Scrutiny of the way organizations manage consumers’ data privacy rights has never been higher. Our experts help you navig ...

Blogs

June 10, 2019

Framing Data Privacy as a Business Issue

Overwhelmed with all the developments in the data privacy space? Wondering how to navigate the challenges facing your organization? Have you been a...

June 04, 2019

The Storm You Can’t Ignore in Planning for CCPA Compliance

A Quick Glance at Recent Privacy Regulations Companies are taking notice of the bevy of new regulations that establish new privacy obligations and ...
