GDPR is here. CLA (CliftonLarsonAllen) can evaluate your controls around your ability to process, store, and protect personal information to help you comply with one of the most significant pieces of data protection legislation in 20 years.
What’s on your mind?
- Pursuing your due diligence on GDPR
- Navigating GDPR’s “right to be forgotten” with U.S.-based regulations
- Worrying about GDPR fines
- Protecting data, and identifying and resolving gaps
- Managing digital opt-ins/opt-outs and informed consent notices
- Complying with breach notifications
Experience our client-focused approach
CLA offers more than 30 years of audit, cybersecurity, and data privacy experience, and has worked extensively with U.S. privacy requirements such as HIPAA and Payment Card Industry Data Security Standard (PCI-DSS) compliance.
We approach each data impact assessment through the lens of your industry and how you work within it. That insight will guide the roadmap we build for you, so you can reach the necessary compliance from your current position. You will walk away with a clear action plan that supports GDPR compliance, processes, technical controls, and organizational structure.
GDPR impact, readiness, and compliance assessment services
Our general controls review considers more than 200 factors. We offer:
- Readiness assessment (data mapping and data flow)
- Controls assessment and testing
- Gap evaluation
- Remediation (privacy notices and policy and procedure review)
Supporting activities for an overall GDPR compliance program
- Internal and external vulnerability assessments
- Penetration testing
- Breach response program preparedness
- Cybersecurity incident response
- Breach mitigation consulting and/or after-action review
- HITRUST Validated Common Security Framework (CSF) assessments
- Training for boards and executive teams
Effective date for GDPR and the entities it impacts
Effective May 25, 2018, GDPR applies not only to organizations located within the EU but also to certain organizations located outside the EU. Consult with experienced data security attorneys to determine its applicability to you and your appropriate compliance requirements.