Glass Buildings

Privacy and Compliance

Privacy Matters

Stringent legislation continues to evolve across the world. BlueQuartz practitioners operate at the intersection of privacy, security, and strategic business objectives. We understand the importance of complying with the everchanging regulatory requirements while pursuing your core business, whether it be a global expansion, new product launch, or strengthening existing practices. 


We can deploy our real-world experience to help companies effectively and efficiently navigate and stay ahead of the everchanging requirements, including those introduced by GDPR and CCPA.


Some of our services include:

  • Establishing a compliance program for local privacy laws

  • Development of policies and privacy notices

  • Building processes to meet individual requests for personal data

  • Preparing and conducting tabletop exercises for incident management and response

  • Building data mapping across the enterprise

  • Defining data inventories

  • Leading privacy training seminars 

  • Assessing organization privacy readiness

  • Conducting Privacy Impact Assessments

  • Providing technical data protection assessments

Privacy Impact Assessment

A Privacy Impact Assessment (“PIA”) can be used to identify actual or potential effects a new system, process, or other activity may have on an organization’s ability to manage individual privacy. The PIA’s results can guide the organization to identify risks, and take suitable mitigating steps.


We have performed Privacy Impact Assessments for specific products, business units, or for enterprises. Organizations should consider complete a PIA when considering making additional investments in new services, expanding in new geographies, or simply as a monitoring activity to ensure current risk mitigation actions remain appropriate.


Key steps in an assessment include:

Step 1. Preliminary Analysis

  • Understand business model

  • Identify key stakeholders, third-party service providers, and customers

  • Define the key regulatory requirements which the assessment needs to take into account

  • Define and box in the system or process parameters

  • Document the processing details, including:

  • Data elements to be collected, processed, and retained

  • Nature, reason for processing

  • Data lifecycle

 

Step 2. Assessment

  • Walkthrough process and technology

  • Understand where confidential information is collected, used, and disclosed (“CUD”)

  • Identify intersections of data, use, and disclosure 

  • Understand existing risks, and assess using likelihood and severity of impact

  • Step 3. Validation and finalization

  • Share draft results with management 

  • Review feedback and finalize report

Any PIA should align to the organization’s unique requirements, including accounting for the legislation which apply to the organization, and the type of information which may be collected. 


BlueQuartz also aligns the PIA results against the organization’s overarching culture, risk tolerance, and information security practices in order to ensure the results, and recommendations, can be well understood and actioned by management.