The Ledger

Mazars Cybersecurity: GDPR & CCPA




April 11, 2019

The Challenge

A North American Life Sciences company was processing special category private information. They were growing concerned about their ability to comply with multiple privacy laws, in multiple jurisdictions, some of which could be conflicting.

Without an all-encompassing privacy plan, they risked fines, losing business, and not being allowed to partner with other companies to complete projects, which could cost them millions of dollars in lost opportunity.

As such, the company sought guidance on building a privacy program that would meet Privacy Shield, General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) requirements simultaneously, without reinventing the wheel for each new governing body.


How Mazars Helped

Working with multiple divisions and departments, Mazars was able to rewrite the company’s contract language around compliance, significantly limiting their exposure to fines and cease orders.

At the same time, Mazars was able to work with the company’s data protection offices to create a Data Subject Rights (DSR) response program, which was closely related to the privacy protection processes, both operationally and legally. By working with compliance, IT and the company’s data protection offices, we were able to develop Privacy Impact Assessments (PIAs), along with a Record of Processing Activities (ROPA) program.


Results

In six weeks, Mazars developed a GDPR-compliant roadmap with specific deliverables around privacy notice, established a data protection office, built a customized process for the company to respond to Data Subject Rights (DSR) requests, and created a template for how to manage a record of processing private data (ROPA), along with how to perform ongoing PIAs within their environment. We also provided a data protection officer (DPO) service to support the company until the program was fully mature.

As a result of the initiative, the company was able to continue with its expansion and integration with its partners, supporting a prosperous outlook for the future.


Contact

Atif Ghauri | Principal, Cybersecurity Practice Leader | P: 267.254.8040 | E: Atif.Ghauri@MazarsUSA.com

Phillip Jones | Director – Cybersecurity | P: 813.760.5347 | E: Phillip.Jones@MazarsUSA.com


