Privacy & Data Protection

Review and assess your privacy and data protection strategy

Technology is evolving fast with processes becoming increasingly sophisticated. Now more than ever, it is crucial for businesses and organisations not only to protect the privacy and data they process, but to demonstrate this is done.  

The GDPR introduced a wide-scale drive for change in data protection practices both in and outside the European Union (EU). This regulation has significantly changed data protection rules at a time when technology and digital business underpin human life.

Aligning your business with this regulation as well as keeping up to date with regulatory changes can be complex and challenging. Forvis Mazars helps make things easy. Our guidance is based on years of experience helping hundreds of organisations comply with data protection laws across the globe.

Forvis Mazars has developed a suite of offerings to help our clients meet their compliance needs. Each is tailored to ensure maximum benefit. We believe that compliance should be achieved with minimal business disruption, as business disruption is another form of penalty that should be considered in addition to the potential fines for noncompliance. We take the time to understand your organisation and can help wherever you are in your compliance journey.

Some of the typical services we offer are listed below. For further details on these services, please take a look at our brochure or get in touch to speak to one of our experts.

Compliance reviews, maturity assessments and audits

For companies who want to check the status of their compliance against global legislation, standards or frameworks, identify gaps and develop a pragmatic approach to remediation.

  • Data privacy compliance assessment - A high level privacy assessment to understand your compliance status against applicable privacy laws. We provide a report with a RAG score against our framework and suggestions for improvements to meet compliance.
  • Data privacy adequacy assessment - An assessment on the controls in place to meet compliance. We delve into the effectiveness of your privacy compliance programme. 
  • Global privacy assessment - For organisations that operate across multiple jurisdictions and require compliance with several privacy laws. We draw on our local experts to understand where you are and support you in your move towards compliance.
  • GDPR and privacy audits - An audit which provides assurance on your compliance with the GDPR.
  • Privacy maturity assessment - The maturity assessment focuses on the maturity of the governance arrangements in place to address and maintain privacy compliance measured against the AICPA Privacy Maturity Model.
  • PECR and e-privacy review - An assessment of your compliance with the requirements of the PECR and e-privacy directive. Suggestions include guidance on the use of cookies, marketing and e-communications.
  • Third party and vendor audit - An audit of your third party and vendor management practices, reviewing your on-boarding and due diligence processes. Our audit also delves into contract terms and general management of processors.
  • Artificial Intelligence (AI) review - A review which delves into your business's use, deployment and management of AI. A deeper review of the core components of AI and whether they meet data protection requirements.

Technical advisory and implementation services

For those areas where you need expert support and an injection into your compliance programme.

  • Privacy Governance and Programme Management - Supporting you in identifying the right governance model and implementing effective changes with minimal disruption.
  • Implementation support - A team of experts to rapidly address identified gaps within your business environment, allowing you to focus on business as usual.
  • Technical reviews of software and toolkits - Our experts can provide advice and guidance on areas relating to the processing of facial recognition systems, ANPR and CCTV usage as well as processing on mobile devices.
  • Review and build of documentation policies and procedures - An extensive review and validation of your documentation, policies, procedures and processes, helping you draft changes and ensuring your teams understand the theory and application.
  • Data mapping and records management - An organisation wide review of the data that enters, travels through and exits your business, supporting you with compliance with Article 30 of the GDPR and wider data management requirements.
  • Training, awareness campaigns and workshops - Tailored workshops and training solutions for your teams and exec board, tackling compliance issues, operational challenges and embedding awareness campaigns with privacy laws.
  • Due diligence, merger and acquisitions review - A privacy assessment on the entities that form part of the merger or acquisition. Our assessment will give you insight on the current status of the businesses' compliance with privacy laws.
  • Third party and vendor audits - A detailed audit on your processors and sub-processors assessing their status of compliance, data protection practices and the safeguards deployed.
  • Simulation, testing and table top exercises - Innovative testing of your processes to ensure they are fit for purpose to deal with key compliance requirements and are time efficient.
  • Investigations, incident and breach management - A team of experts at hand to support you in the event of an incident or breach. Our experts can develop internal processes, manage the breach, liaise with the regulator and data subjects and advise on how best to mitigate risks.
  • Individual rights management - Our experts can help embed a practical and efficient system that will help you manage and monitor individual requests and lessen the burden on internal resources.
  • Ad-hoc technical support - A first point of contact for data protection queries, advice and guidance. Our experts are at hand to support you through the challenges.
  • Contract mechanisms and cross border transfers - Advice and guidance on your processing across jurisdictions and the use of appropriate transfer mechanisms.
  • DPIAs - Support with undertaking detailed DPIAs, highlighting potential risks and advising on methods of mitigating these.

DPO support services 

To supplement your data protection officer or support with those mandatory tasks required for compliance.

  • Privacy programme management
  • Governance support
  • On-going monitoring, assessments and audits
  • Review and build of documentation, policies and procedures
  • Validate and develop records of processing (ROPA) and inventories
  • Third party and vendor management
  • Investigations and incident management
  • Individual rights management support
  • DPIA support
  • Training, awareness and workshops
  • Simulation, testing and tabletop exercises
  • Enforcement tracking
  • Reporting and privacy KPIs
  • Simulation and testing
  • Technical support
  • Primary point of contact

Get in touch

If you would like to speak with a member of our Technology Consulting team, please get in touch.
