Privacy Regulations

Data protection regulations apply to all companies processing and holding personal data. At LBMC Information Security, we want to make sure your organization is prepared. Many U.S. companies have questions about how these regulations impact them, especially pertaining to the types of personal data they store. This is especially relevant with the recent passage of the California Consumer Privacy Act

(CCPA), known by some as the American version of the EU’s General Data Protection Regulation (GDPR). We can help answer questions on GDPR or CCPA and offer guidance to keep you in compliance.

GDPR (General Data Protection Regulation) Compliance Solutions

GDPR applies to all companies processing and holding personal data of data subjects residing in the EU, regardless of the company’s location. The enforcement date began on May 25, 2018, and because GDPR is the most important change in international data privacy regulation in 20 years, we want to make sure your organization is prepared. Many U.S. organizations have questions about how GDPR impacts them, especially pertaining to the types of personal data they have, how the GDPR defines personal data, and the new protection laws against that personal data.

LBMC Information Security can help you answer these questions, determine if your organization is a controller or processor under GDPR (or both), decide whether you need to assign a Data Privacy Officer, and understand how GDPR can impact your organization even outside of the European Union (CCPA).

Our compliance and audit experts can help your organization with GDPR compliance in the following ways:

  • GDPR Applicability Analysis—LBMC Information Security can help your organization understand if GDPR applies. We will gain an understanding of your environment, your legitimate purpose in retaining personal data, and how you interact with EU citizens. This will involve a review of current data flows and interviews with key stakeholders.
  • GDPR Readiness—A readiness assessment takes a deeper dive into how your organization is classified under GDPR. LBMC Information Security will assist you in determining if you are a data controller or a data processor and walk you through determining which legal basis for processing personal data best fits your company. Once this groundwork is laid, we can find the impact of GDPR on an organization through understanding the current privacy maturity and data flows across an organization. We can also help you develop a list of GDPR compliance action items that should be taken, including defining whether your organization is a controller, processor, or both. We will identify key stakeholders and data flows, assess contractual obligations, and implement GDPR into compliance program initiatives.
  • Data Analysis and Classification—Our team can help your organization define and establish a data classification and labeling system, as well as review any existing data classification policies to ensure the protection of personal data as defined by GDPR to map out an ongoing compliance strategy. By conducting an inventory of sensitive data types and performing an analysis of information and inventory of data, we can then help you implement the appropriate controls to ensure GDPR compliance.