Mazars logo Mazars logo Mazars logo The Ledger

Mazars Cybersecurity: GDPR & CCPA

Mazars Cybersecurity: GDPR & CCPA

April 11, 2019

The Challenge

A North American Life Sciences company was processing special category private information.  They were growing concerned about their ability to comply with multiple privacy laws, in multiple jurisdictions, some of which could be conflicting.

Without an all-encompassing privacy plan, they risked fines, losing business, and not being allowed to partner with other companies to complete projects, which could cost them millions of dollars in lost opportunity.

As such, the company sought guidance on building a privacy program that would meet Privacy Shield, General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) requirements simultaneously, without reinventing the wheel for each new governing body.

How Mazars Helped

Working with multiple divisions and departments, Mazars was able to rewrite the company’s contract language around compliance, significantly limiting their exposure to fines and cease orders.

At the same time, Mazars was able to work with the company’s data protection offices to create a Data Subject Rights (DSR) response program, which was closely related to the privacy protection processes, both operationally and legally. By working with compliance, IT and the company’s data protection offices, we were able to develop Privacy Impact Assessments (PIAs), along with a Record of Processing Activities (ROPA) program.


In six weeks, Mazars developed a GDPR-compliant roadmap with specific deliverables around privacy notice, established a data protection office, built a customized process for the company to respond to Data Subject Rights requests (DSR), and a template for how to manage a record of processing private data (ROPA), along with how to perform ongoing PIAs within their environment. We also provided a data protection officer (DPO) service, to support the company until the program was fully mature.

As a result of the initiative, the company was able to continue with its expansion and integration with its partners, supporting a prosperous outlook for the future.


Atif Ghauri | Principal, Cybersecurity Practice Leader| P: 267.254.8040 | E:

Phillip Jones | Director – Cybersecurity | P: 813.760.5347 | E:

Related posts

July 2020 Description In episode twenty-one of Food for Talk, host Howard Dorman, Mazars Food and Beverage Practice

New York, NY – June 24, 2020 – Congratulations to Ekaterina Prokhorovskaya and Joy Eagle on being selected

June 2020 Description In episode twenty of Food for Talk, host Howard Dorman, Mazars Food and Beverage Practice