You can demonstrate compliance with the New Zealand Privacy Act or other privacy regulations (GDPR, AU Privacy Act) to your customers, shareholders and authorities. This can be done either by being certified against ISO27701 or by obtaining an IISRI Privacy Assurance Rating.
The ISO27701 certificate is issued by the International Organization for Standardization (ISO) certification body and will bring international recognition to your organisation. This engagement typically requires at least 15 days.
The IISRI Privacy Assurance Rating is issued by Qualified Privacy Assessors and Lead Auditors of the Independent Information Security and Privacy Rating Institute (IISRI). This rating service is usually a short-term engagement of 2 to 5 days.
The learning objective of this awareness workshop is to introduce you to the privacy regulations and to help you understand how they might affect some of your daily activities. The workshop will take you through the different processes in your organisation where privacy plays a role and explore the responsibilities of key stakeholders such as a privacy officer.
Delivery Mode: presentations and use-cases
Duration: 4 hrs
Cost: Please contact us
This workshop consists of two parts. The first part is similar to the Privacy Essentials Workshop. Part 2 builds on the first part, with the objective of enhancing the practical skills a privacy officer needs when dealing with various privacy-related situations. You will actively participate in and contribute to this workshop through different use-cases.
Delivery Mode: presentations, use-cases and privacy skills matrix
Duration: 8 hrs
Cost: Please contact us
The Privacy Impact Assessment usually takes 2 days, during which a privacy consultant will work with you to assess the impact of privacy regulations on your organisation or a specific project. It is delivered through at least one workshop with key stakeholders and interviews with data owners in the organisation. The outcome of this engagement is a clear report on the privacy risk level your organisation is exposed to. This will give you the information you need to decide whether to accept this risk or to mitigate it.
Understanding your data is important, both for compliance reasons and to be able to protect and manage your data better. Do you know your data? This engagement will usually take 4-6 days, during which a privacy consultant will work with your team to identify all your data, i.e. what type it is, where it sits, how sensitive it is, with whom it is shared, etc. It is delivered through at least one workshop with key stakeholders, interviews with data owners in the organisation and possibly by extracting sample data. The outcome of this engagement is a report mapping out your data. This will give you an insight into your data landscape and the risk level based on the location and sensitivity of your data. It will also help you to decide whether to accept this risk or to mitigate it.
In certain cases, the Privacy Act and GDPR require companies to designate a Privacy or Data Protection Officer (PO/DPO). Tailored to your privacy needs, SeComPass provides a virtual Privacy and Data Protection Officer (vPO/vDPO) service. The vPO/vDPO will support you by informing, advising, monitoring compliance and acting as your point of contact for authorities and data requests from individuals.
While the use of big data analytics, artificial intelligence and machine learning can empower your organisation, it also introduces new privacy and security risks. Our data analytics team will analyse your big data sets and show you that the anonymised or non-sensitive customer data you share with others might in fact not be as anonymous or non-sensitive as you thought. In that case, our experts will support you in reducing this risk to your partners and customers by applying data minimisation techniques.
If you are collecting, processing or storing personally identifiable information from European residents, you might need to comply with the General Data Protection Regulation. In certain cases, GDPR requires companies outside the EU to have an EU-based representative who serves as the contact person for all issues related to the company’s processing of personal data under the GDPR. He or she must be in a position to communicate effectively with data subjects and to cooperate effectively with the relevant data protection supervisory authorities. SeComPass provides a representation service via our partners in the EU.