CSR Privacy Solutions provides companies with the highest caliber of certified, experienced, and qualified individuals capable of meeting the expanding and various need sets associated with the challenges of privacy and data life cycle management (DLCM) in an ever evolving and stringent regulatory environment. CSR Consulting Suite services vary in their application, range of coverage provisions, cost and end user applicability. CSR offers these programs to private, public, non-profit and governmental organizations on a global basis.
The Consulting Suite offers companies the chance to work with certified privacy professionals dedicated to bringing your company into compliance with legislative requirements, such as General Data Protection Regulation, EU/US Privacy Shield, and US state-specific regulations.
CSR Consulting Suite offers three distinct programs:
CSR provides businesses with customizable privacy services; our consulting programs and its corresponding offerings are modifiable to your need set.
CSR’s Comprehensive Privacy Program offers a privacy program tailored to your company’s industry and jurisdictional regulatory requirements. Our team of certified privacy professionals will help your business meet the need sets of Privacy and Data Life Cycle Management in an ever tightening and stringent regulatory environment.
The following regulatory domains are available for program development:
Phase I – Initial Program Evaluation: This phase will assess your company’s regulatory privacy requirements based on its related industry, data-types, and your data subjects’/clients’ domicile jurisdictions. Upon determining the full scope of your requirements, CSR will evaluate your existing privacy program (i.e. policies, procedures, security and practices). A report of necessary action steps will be provided for your review.
Phase II – Program Development: This phase will address each action step necessary for your company’s compliance with applicable laws.
Actions steps may include, but are not limited to following:
Phase III – Program Auditing and Maintenance: This phase will assess your company’s implemented privacy program and practices to determine compliance with applicable privacy legislation. CSR will provide you with formal and thorough audit documentation and active prioritized remediation assistance by a certified privacy professional, to facilitate regulatory annual audit requirements.
CSR’s Vendor Validation and Verification will assist in implementing appropriate vendor practices based on your company’s industry and regulatory requirements. This plan offers accountability, defensible documentation and extensive review to help you meet your legally mandated vendor requirements.
Notice Commitment Validation: CSR will audit your vendors data handling practices to determine compliance with the commitments stated in your company’s Privacy Notice. Defensible documentation will be provided by a certified privacy professional regarding your vendor due diligence and auditing requirements.
Vendor Validation: CSR’s certified privacy professionals will determine your vendors’ compliance with the privacy obligations stated in your vendor contracts. As best practice and as mandated by the GDPR and the EU/US Privacy Shield, your company should audit vendors handling personal data on an annual basis. CSR’s Vendor Verification will ensure your vendors’ data handling practices are audited by an impartial third party. Defensible documentation will be provided by CSR to facilitate your vendor due diligence and auditing requirements.
CSR’s SIPO program reduces the expense of hiring an internal, full-time resource with the expertise to properly assess, implement and monitor a comprehensive data protection program, including planning for a data breach incident, while increasing the range of expertise available with CSR’s team of privacy specialists. CSR will assign a certified information privacy professional (CIPP) to your business to act as your SIPO. CSR’s team of professionals hold certifications in each of the geographical areas – U.S., Canada and Europe – as well as government and management. Your SIPO will conduct the initial assessment using the CSR Readiness™ Program and will guide you through a comprehensive privacy questionnaire to identify the status of your company’s data protection program. Your dedicated privacy professional will provide the strategic direction as well as the tactical approach tailored to your business needs. This is followed up with remediation suggestions and implementation guidance. The privacy professional will provide guidance from day one and serve as your primary point of contact for all your privacy and compliance needs. Privacy reviews are scheduled regularly.