Privacy Regulations

Data protection regulations apply to all companies processing and holding personal data. At LBMC Information Security, we want to make sure your organization is prepared. Many U.S. companies have questions about how these regulations impact them, especially pertaining to the types of personal data they store. This is especially relevant with the recent passage of the California Consumer Privacy Act (CCPA), known by some as the American version of the EU’s General Data Protection Regulation (GDPR). We can help answer questions on GDPR or CCPA and offer guidance to keep you in compliance.


GDPR (General Data Protection Regulation) Compliance Solutions

GDPR applies to all companies processing and holding personal data of data subjects residing in the EU, regardless of where the company is located. Enforcement began on May 25, 2018, and because GDPR is the most important change in international data privacy regulation in 20 years, we want to make sure your organization is prepared. Many U.S. organizations have questions about how GDPR impacts them, especially pertaining to the types of personal data they have, how GDPR defines personal data, and the new laws protecting that personal data.

LBMC Information Security can help you answer these questions, determine if your organization is a controller or processor under GDPR (or both), decide whether you need to assign a Data Privacy Officer, and understand how GDPR can impact your organization even outside of the European Union (CCPA).

Our compliance and audit experts can help your organization with GDPR compliance in the following ways:

  • GDPR Applicability Analysis—LBMC Information Security can help your organization understand if GDPR applies. We will gain an understanding of your environment, your legitimate purpose in retaining personal data, and how you interact with EU citizens. This will involve a review of current data flows and interviews with key stakeholders.
  • GDPR Readiness—A readiness assessment takes a deeper dive into how your organization is classified under GDPR. LBMC Information Security will assist you in determining if you are a data controller or a data processor and walk you through determining which legal basis for processing personal data best fits your company. Once the foundation is laid, we can find the impact of GDPR on an organization through understanding the current privacy maturity and data flows across an organization. We can also help you develop a list of GDPR compliance action items that should be taken, including defining whether your organization is a controller, processor, or both. We will identify key stakeholders and data flows, evaluate contractual obligations, and implement GDPR into compliance program initiatives.
  • Data Analysis and Classification—Our team can help your organization define and establish a data classification and labeling system, as well as review any existing data classification policies to ensure the protection of personal data as defined by GDPR and to map out an ongoing compliance strategy. By conducting an inventory of sensitive data types and performing an analysis of information and inventory of data, we can then help you implement the appropriate controls to ensure GDPR compliance.

Management Team


Drew Hendrickson

Shareholder, Information Security

Nashville